2023-05-29 02:01:58,081 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1KRU8ybDFHeUU5WnNPaFhsWm0xR0syempFSmZpbGJ2R2VabFJGbzhoY0NjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1lcElBejcyWUVwJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-05-29 02:01:58,081 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:01:58,081 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:01:58,082 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="idf4b2e5ab071f4b91a068235515fd2770"
    IssueInstant="2023-05-29T02:01:57.744Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2023-05-29 02:01:58,099 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:01:58,099 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:01:58,099 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-05-29 02:01:58,100 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:01:58,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:01:58,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:01:58,102 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'idf4b2e5ab071f4b91a068235515fd2770', issue instant '2023-05-29T02:01:57.744Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:01:58,102 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2023-05-29 02:01:58,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:01:58,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:01:58,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:01:58,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:01:58,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:01:58,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:01:58,103 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:01:58,105 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:01:58,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:01:58,105 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:01:58,106 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:01:58,106 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-05-29 02:01:58,106 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:01:58,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:01:58,119 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:01:58,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:01:58.120Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:01:58,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:01:58,121 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:01:58,121 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:01:58,123 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:01:58,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-05-29 02:01:58,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:01:58,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:02:09,392 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2023-05-29 02:02:09,392 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2023-05-29 02:02:09,392 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@618452895::identifier=morty, context=org.apache.velocity.VelocityContext@1e4d8b7e]
2023-05-29 02:02:09,402 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@618452895::identifier=morty, context=org.apache.velocity.VelocityContext@1e4d8b7e]
2023-05-29 02:02:09,402 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2023-05-29 02:02:09,402 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session df88298bc6d72e681f2bf3e10b4138de803972f5de46190e135fd66a3d1e3af7 for principal morty
2023-05-29 02:02:09,403 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session df88298bc6d72e681f2bf3e10b4138de803972f5de46190e135fd66a3d1e3af7
2023-05-29 02:02:09,404 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:02:09,406 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26840a6b'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:02:09,407 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:02:09,500 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-05-29 02:02:09,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:02:09,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:02:09,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:02:09,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:02:09,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:02:10,214 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T020210Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716861730214}'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:02:10,214 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:02:10,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:02:10,215 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:02:10,215 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2023-05-29 02:02:10,215 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26840a6b'
2023-05-29 02:02:10,215 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:02:10,215 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:02:10,216 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:02:10,216 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:02:10,217 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e638d6b60e991950dc804521e1f1fc39
2023-05-29 02:02:10,217 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e638d6b60e991950dc804521e1f1fc39 to Response _db32c20879a9776b762e25ac25f71ad8
2023-05-29 02:02:10,217 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e638d6b60e991950dc804521e1f1fc39
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2023-05-29 02:02:10,219 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2023-05-29 02:02:10,223 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2023-05-29 02:02:10,225 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.83.144.189
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to idf4b2e5ab071f4b91a068235515fd2770
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e638d6b60e991950dc804521e1f1fc39
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e638d6b60e991950dc804521e1f1fc39 did not already contain Conditions, one was added
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:07:10.215Z, to Assertion _e638d6b60e991950dc804521e1f1fc39
2023-05-29 02:02:10,225 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e638d6b60e991950dc804521e1f1fc39 already contained Conditions, nothing was done
2023-05-29 02:02:10,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:02:10,227 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e638d6b60e991950dc804521e1f1fc39 already contained Conditions, nothing was done
2023-05-29 02:02:10,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:02:10,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2023-05-29 02:02:10,227 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e638d6b60e991950dc804521e1f1fc39
2023-05-29 02:02:10,230 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session df88298bc6d72e681f2bf3e10b4138de803972f5de46190e135fd66a3d1e3af7
2023-05-29 02:02:10,230 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session df88298bc6d72e681f2bf3e10b4138de803972f5de46190e135fd66a3d1e3af7
2023-05-29 02:02:10,230 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:02:10,232 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2023-05-29 02:02:10,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:02:10,233 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:02:10,233 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:02:10,234 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:02:10,239 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:02:10,239 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:02:10,242 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_db32c20879a9776b762e25ac25f71ad8"
2023-05-29 02:02:10,243 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _db32c20879a9776b762e25ac25f71ad8 and Element was [saml2p:Response: null]
2023-05-29 02:02:10,243 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_db32c20879a9776b762e25ac25f71ad8"
2023-05-29 02:02:10,243 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _db32c20879a9776b762e25ac25f71ad8 and Element was [saml2p:Response: null]
2023-05-29 02:02:10,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:02:10,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2023-05-29 02:02:10,248 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:02:10,250 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1KRU8ybDFHeUU5WnNPaFhsWm0xR0syempFSmZpbGJ2R2VabFJGbzhoY0NjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1lcElBejcyWUVwJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-05-29 02:02:10,251 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1KRU8ybDFHeUU5WnNPaFhsWm0xR0syempFSmZpbGJ2R2VabFJGbzhoY0NjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1lcElBejcyWUVwJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1KRU8ybDFHeUU5WnNPaFhsWm0xR0syempFSmZpbGJ2R2VabFJGbzhoY0NjJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1lcElBejcyWUVwJnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2023-05-29 02:02:10,256 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_db32c20879a9776b762e25ac25f71ad8"
    InResponseTo="idf4b2e5ab071f4b91a068235515fd2770"
    IssueInstant="2023-05-29T02:02:10.215Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_db32c20879a9776b762e25ac25f71ad8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>eV4LFNv7JmFR9fuHnGz2EfjPSBFpkNTIR9/nywTSl1g=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>FakVjnFh4EBXJBgutK63xnTvtZCxTqrphSuQBnnX5oxz2oxtJ/+/L9uGE3+IR79ADfCTJhOs6vyWcfcR/GPRMHuXrDGSv7hJF1yPCGv99j1WmkJAQhVab3CVYUWllaA/d/5sb0uGyH+FPy3gZU4i3mX9ejBVuRS+KQQbedo5Y29AehMiNRVCAc/MLA2ZmKVrVZV7jY9112hI603rKHOlTPm4Hurw6DOiJdA7mGoRt0k6OX+VXC5N715un5fDdQEqDnhhjB0NThD5cnfTWhkvd3I4LfEDI+NwpII7RYmCrSwjDilt/dd82+MrRGMcFe/5DpaQ30TLbRz2n5fsvtWqVw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e638d6b60e991950dc804521e1f1fc39"
        IssueInstant="2023-05-29T02:02:10.215Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.83.144.189"
                    InResponseTo="idf4b2e5ab071f4b91a068235515fd2770"
                    NotOnOrAfter="2023-05-29T02:07:10.225Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:02:10.215Z" NotOnOrAfter="2023-05-29T02:07:10.215Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:02:09.402Z" SessionIndex="_0a4e560deade4ed86200efba4c8a1d90">
            <saml2:SubjectLocality Address="20.83.144.189"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:02:10,257 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:02:10,259 - INFO [Shibboleth-Audit.SSO:?] - 20230529T020210Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|idf4b2e5ab071f4b91a068235515fd2770|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_db32c20879a9776b762e25ac25f71ad8|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_e638d6b60e991950dc804521e1f1fc39|
2023-05-29 02:08:53,688 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-262070-a4VL4iyr-kKnx3jsWE64Gp0iuIemn9Up
2023-05-29 02:08:53,688 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:08:53,688 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:08:53,688 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_f67e6a53313e4b8da89cea4479c25d503bd91d9"
    IsPassive="false" IssueInstant="2023-05-29T02:08:53.042Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f67e6a53313e4b8da89cea4479c25d503bd91d9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>cDSHgrAhStRAA0JzwcNFnO/rCyUeTBvFhcYy5foW4Do=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GH3lyiyeGUCMz/csQXqdxRMewilL8kt0gnqNyFob49Ffch5MaqEMCax2C6VeiPqIYQD39j8ygMyOFtVCy9I28SJQmBKYcU6wRxUoiezVUVDK9YBiPsH5owvJ7sxD5QkZrslZIiAwPCyJRrV0FfEyjIF85MX8XdceNfq6HSvEB48W0F+arKZRsHM5qvB2rBuUgjfu0wJuYQEGrNRsUPUymco0NjRgfiTpapIPGYFIDZsNibA4X/2uykPZ3BEVsZZtHs67Y/HHbOEW1nb5fmGY+hmoRDN166wL+dmIbxpx14Mntp4r77zIkxsyMYtQQ14wypmIOOVHHReC4kdjhWil8Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIGxTCCBK2gAwIBAgIQe0B4acKydITAr116IhaDFTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjMwMTMxMjMwMDAwWhcNMjQwMTMxMjI1OTU5WjCBljELMAkGA1UEBhMCRlIxDjAMBgNV
BAcMBVBBUklTMRIwEAYDVQQKDAlUUkFWRUxET08xHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAw
NTkxMDAuBgNVBAMMJ1RSQVZFTERPTyAtIFNBTUwgU0lHTklORyBBTkQgRU5DUllQVElPTjETMBEG
A1UEBRMKQzI2MjU0MTAzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcgp3CNVODF
WVk79Fylw+v7oGKsSWkwvJDZumgvf26XkeTJyrtSlvShNqSEQ8az5vXez6ey8DeMaPpsK4F2DxZO
BiOSKsliDTKU5srLAnkZXE7gYbzqqDeD24zcMyP8lzugY9OsZZYo70bkSuJrgeCqy9TzvYMHOt3p
k3Cj5Vs6FR5+EpGKjxWI1sVT4diU9p3qUmOMEUo5Y99o7AQqT8H3sJKGmdJtZGvmBDht4R/+7UPJ
khR6JTmarC5GBGlZMtQ6regmRTaGR9tZ05wXZrO4TwtPvl+qg2NL0jsRPf8bZJEkcobsQ7xBdj/4
/fnmB3n6doiy60D/GBmfDwgcoRcCAwEAAaOCAiUwggIhMIHkBggrBgEFBQcBAQSB1zCB1DA4Bggr
BgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIwNgYI
KwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAuBggr
BgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAwBggrBgEFBQcwAYYk
aHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMB8GA1UdIwQYMBaAFKzsho9LNxy4
fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUB
AgEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRp
ZmljYXRpb24wZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp
Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU6nK0K31+xwEwlp7R
5QfDyrESC9EwDQYJKoZIhvcNAQELBQADggIBAGYUca64cj73s6dpL9kdCl/l6TXyeaytKKN4Ffb5
qU4XGKh7BGNhXqp7TnUuFu76DvOj4D5Y5sv1Sam6Miu6uyMmCMt+hjg4vuERSj+Xz+asb0mepJD1
cC6t/yrew1/iTDv4qifRea83yiVrGz1vy1UX0svDtj7bOtXWrcIocZOXtgAdzbRNOb1rwaX5znTt
N/cPYYeB7r5j9wQb0QWna/Q5cyih/HJsMhcKagMURG1CSsaBnXihESJLemnzjcnP/Vywfp5Q3c+B
KgkEFkdNtqSskdR9e7YG/PdG6rUCN9Hhu2dnSBSvpg3TyA8t1+WXsY2LAesn7t9X0bt0k5rSZZM1
ZKGsItj+u1YRw+Dh8dEZpRsh9yGOqsCA05rE3/F3QYWjSZU6gbXqBcPXt5iZCrq2flKT41FroMeP
kD7+eS3ipIcjK4Qb7rnNSHqUairFSD5ve4qjqU20Tk/PzqjNK+fltsSRu6ZtOoN+FMkt+A3Yufk7
ekTTuzbsX+bi8mRE88icMeSEiyJRqWxhw0BUsbH5dQCsDqIhgo7/CXsQ3oj8narz0j8Ma0UkOZQz
aLvZMv2YA8Xt/GCWyyyCbwdKLSTTULmCOIrpwkpiiBAcv5md6c//Uo6s6BiMmD0sG6oh2SKnYFH4
QRBrwNTxk6yh/DL9p3W5TzbTmiuc7RAJXiLJ</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2023-05-29 02:08:53,696 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:08:53,696 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:08:53,696 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:08:53,697 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f67e6a53313e4b8da89cea4479c25d503bd91d9', issue instant '2023-05-29T02:08:53.042Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:08:53,697 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f67e6a53313e4b8da89cea4479c25d503bd91d9 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f67e6a53313e4b8da89cea4479c25d503bd91d9 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2023-05-29 02:08:53,698 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2023-05-29 02:08:53,698 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:08:53,698 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:08:53,698 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:08:53,698 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:08:53,698 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:08:53,698 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f67e6a53313e4b8da89cea4479c25d503bd91d9 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f67e6a53313e4b8da89cea4479c25d503bd91d9 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_f67e6a53313e4b8da89cea4479c25d503bd91d9"
2023-05-29 02:08:53,699 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:08:53,699 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323632353431303336,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700059,O=TRAVELDOO,L=PARIS,C=FR']
2023-05-29 02:08:53,699 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:08:53,700 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2023-05-29 02:08:53,700 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:10:30,190 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2023-05-29 02:10:30,190 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:10:30,191 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:10:30,191 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="true" ID="a24g8c764d191c92550i2hh1h8ai2aa"
    IsPassive="false" IssueInstant="2023-05-29T02:10:28.500Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://dev.ogloba.com/gc-thegc-rgw/saml/metadata</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#a24g8c764d191c92550i2hh1h8ai2aa">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>7yEeBjHs2odJ8CSMrFNsrRRquGuh8CiCHPqFMVW2wGz+JIdbOjHzriqWirwZh1KI52qv6bkMDEBL4GtAchHnfw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Q5XU6qTzp+V49TWmsk1slkjxug3edXgh92fNZv6x+wyhAEJ1vAkaFNOPBh8m91v+7lQEldku097VAmZVcXVxFLf0OacMO/Ml9Y2aOiFe7aFK3qkLz4OW7aBe5Tk2u6iD39DIN+u2HO7wUBQ1RLgGviZwQHerDIuouPIJf2eAcftZQBTUi1VLjAK8th5Tl11mmEFH9+cqbHISCuWoIRA7o9A8yb378M78XSEYswDutabxhPPa/RCSOcZQ83TCiAhm7i6z5Fph0Q+5z4bL60Zmv3tpP2Z2r6hPD6ILZV86I1NABVFAvYJZrsZ0tQtkzyNpuvsZNHmrQWjCs+dqOshFWg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2023-05-29 02:10:30,207 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://dev.ogloba.com/gc-thegc-rgw/saml/metadata' from origin source
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:10:30,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:10:30,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dev.ogloba.com/gc-thegc-rgw/saml/metadata
2023-05-29 02:10:30,208 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:30,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:10:30,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:10:30,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:10:30,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:10:30,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a24g8c764d191c92550i2hh1h8ai2aa', issue instant '2023-05-29T02:10:28.500Z', entityID 'https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://dev.ogloba.com/gc-thegc-rgw/saml/metadata, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://dev.ogloba.com/gc-thegc-rgw/saml/metadata' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a24g8c764d191c92550i2hh1h8ai2aa"
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a24g8c764d191c92550i2hh1h8ai2aa and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a24g8c764d191c92550i2hh1h8ai2aa"
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a24g8c764d191c92550i2hh1h8ai2aa and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a24g8c764d191c92550i2hh1h8ai2aa"
2023-05-29 02:10:30,209 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://dev.ogloba.com/gc-thegc-rgw/saml/metadata
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:10:30,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:10:30,212 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:10:30,212 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:10:30,213 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:10:30,213 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:10:30,213 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:10:30,215 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:10:30,215 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:10:30,215 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:10:30,215 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:10:30,215 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:10:30,215 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://dev.ogloba.com/gc-thegc-rgw/saml/metadata
2023-05-29 02:10:30,215 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:10:30,215 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:10:30,215 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:10:30,215 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:10:30,220 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:10:30,220 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:10:30.220Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:10:30,220 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2023-05-29 02:10:30,221 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:10:30,222 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:10:30,378 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'dev.ogloba.com'
2023-05-29 02:10:30,378 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:10:30,378 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:10:32,555 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: SSOT_801929078
2023-05-29 02:10:32,555 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:10:32,555 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:10:32,555 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<urn:AuthnRequest
    AssertionConsumerServiceURL="https://iam.atypon.com/action/saml2post"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_-4169766930023345889" IssueInstant="2023-05-29T02:10:31.116Z"
    Version="2.0" xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol">
    <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.atypon.com/shibboleth</urn1:Issuer>
    <urn:NameIDPolicy Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
    <urn:Scoping>
        <urn:RequesterID>https://journals.sagepub.com/shibboleth</urn:RequesterID>
    </urn:Scoping>
</urn:AuthnRequest>

2023-05-29 02:10:32,557 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.atypon.com/shibboleth' from origin source
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:10:32,557 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2023-05-29 02:10:32,557 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.atypon.com/shibboleth
2023-05-29 02:10:32,558 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:32,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:10:32,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:10:32,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:10:32,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:10:32,558 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_-4169766930023345889', issue instant '2023-05-29T02:10:31.116Z', entityID 'https://iam.atypon.com/shibboleth'
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.atypon.com/shibboleth' does not require AuthnRequests to be signed
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:10:32,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:10:32,559 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:32,559 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' not permitted by input criteria
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.atypon.com/action/saml2post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.atypon.com/shibboleth
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:10:32,560 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:10:32,560 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:10:32,561 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:10:32,566 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:10:32.566Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:10:32,566 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:10:32,567 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:10:32,567 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:10:32,568 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:10:32,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'Atypon SP'
2023-05-29 02:10:32,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:10:32,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2023-05-29 02:10:32,762 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2023-05-29 02:11:10,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:f6644ff08e77973f812f2a63d7b1e72970b3e43927a8e72ace3cb3b781c9cdc9
2023-05-29 02:11:10,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:11:10,220 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:11:10,220 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://serviceprovider.opentech.it/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_c82d47deb0d9b584e40c38b3a44f02ad"
    IssueInstant="2023-05-29T02:11:09Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://serviceprovider.opentech.it/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-05-29 02:11:10,231 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://serviceprovider.opentech.it/shibboleth' from origin source
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:11:10,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:11:10,232 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://serviceprovider.opentech.it/shibboleth
2023-05-29 02:11:10,233 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_c82d47deb0d9b584e40c38b3a44f02ad', issue instant '2023-05-29T02:11:09.000Z', entityID 'https://serviceprovider.opentech.it/shibboleth'
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://serviceprovider.opentech.it/shibboleth' does not require AuthnRequests to be signed
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:11:10,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://serviceprovider.opentech.it/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:11:10,234 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-05-29 02:11:10,234 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-05-29 02:11:10,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:11:10,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:11:10,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:11:10,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:11:10,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:11:10,235 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://serviceprovider.opentech.it/shibboleth
2023-05-29 02:11:10,235 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:11:10,238 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-05-29 02:11:10,238 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-05-29 02:11:10,238 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:11:10,242 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:11:10,244 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:11:10.244Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:11:10,244 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:11:10,244 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:11:10,244 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:11:10,245 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:11:10,405 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'serviceprovider.opentech.it'
2023-05-29 02:11:10,405 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:11:10,405 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:11:20,213 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:11:20,214 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:11:20,214 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:11:20,214 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e"
    IssueInstant="2023-05-29T02:11:19Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://login.placer.ai/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2023-05-29 02:11:20,228 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://login.placer.ai/' from origin source
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:11:20,228 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:11:20,228 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://login.placer.ai/
2023-05-29 02:11:20,229 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:20,229 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:11:20,230 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:11:20,230 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:11:20,230 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:11:20,230 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e', issue instant '2023-05-29T02:11:19.000Z', entityID 'https://login.placer.ai/'
2023-05-29 02:11:20,231 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://login.placer.ai/' does not require AuthnRequests to be signed
2023-05-29 02:11:20,231 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:11:20,232 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:11:20,232 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:11:20,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:11:20,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:11:20,233 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:11:20,233 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:11:20,234 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:11:20,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:11:20,235 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://login.placer.ai/
2023-05-29 02:11:20,235 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:11:20,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:11:20,240 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:11:20,245 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:11:20.245Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:11:20,245 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:11:20,246 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:11:20,246 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:11:20,246 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:11:20,247 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:11:20,247 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:20,247 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:11:20,247 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:11:20,247 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:11:20,248 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:11:20,309 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:11:20,310 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:11:20,310 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:11:27,744 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:11:27,744 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:11:27,744 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@186594464::identifier=rick, context=org.apache.velocity.VelocityContext@574cf2df]
2023-05-29 02:11:27,758 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@186594464::identifier=rick, context=org.apache.velocity.VelocityContext@574cf2df]
2023-05-29 02:11:27,760 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:11:27,760 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:11:27,760 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:11:27,760 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:11:27,761 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:11:27,761 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:11:27,761 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:11:27,761 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7823c6aad4be17c6d26c342972308fc63319593886930f0073e0baf10eb51036 for principal rick
2023-05-29 02:11:27,761 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7823c6aad4be17c6d26c342972308fc63319593886930f0073e0baf10eb51036
2023-05-29 02:11:27,762 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:11:27,763 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:27,764 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:11:27,764 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@cbf61eb'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:11:27,766 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:11:27,829 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:11:29,126 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:11:29,126 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:11:29,126 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021129Z|https://login.placer.ai/|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://login.placer.ai/, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862289127}'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://login.placer.ai/'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://login.placer.ai/]' as '["rick:https://login.placer.ai/"]'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@cbf61eb'
2023-05-29 02:11:29,127 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:11:29,127 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:11:29,128 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:11:29,128 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:11:29,129 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ce473b01cfd1c17f2d1458b24a19b613
2023-05-29 02:11:29,129 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ce473b01cfd1c17f2d1458b24a19b613 to Response _0881475abdb448d3e4eb4207132f7043
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ce473b01cfd1c17f2d1458b24a19b613
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:11:29,129 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:11:29,130 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 34.133.52.28
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ce473b01cfd1c17f2d1458b24a19b613
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ce473b01cfd1c17f2d1458b24a19b613 did not already contain Conditions, one was added
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:16:29.127Z, to Assertion _ce473b01cfd1c17f2d1458b24a19b613
2023-05-29 02:11:29,130 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ce473b01cfd1c17f2d1458b24a19b613 already contained Conditions, nothing was done
2023-05-29 02:11:29,131 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:11:29,131 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ce473b01cfd1c17f2d1458b24a19b613 already contained Conditions, nothing was done
2023-05-29 02:11:29,131 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:11:29,131 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://login.placer.ai/ as an Audience of the AudienceRestriction
2023-05-29 02:11:29,131 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ce473b01cfd1c17f2d1458b24a19b613
2023-05-29 02:11:29,131 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://login.placer.ai/ to existing session 7823c6aad4be17c6d26c342972308fc63319593886930f0073e0baf10eb51036
2023-05-29 02:11:29,131 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://login.placer.ai/ in session 7823c6aad4be17c6d26c342972308fc63319593886930f0073e0baf10eb51036
2023-05-29 02:11:29,131 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:11:29,132 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://login.placer.ai/ and key rsanchez@samltest.id
2023-05-29 02:11:29,132 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:11:29,132 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:11:29,132 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:11:29,132 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:11:29,133 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:11:29,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:11:29,134 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0881475abdb448d3e4eb4207132f7043"
2023-05-29 02:11:29,134 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0881475abdb448d3e4eb4207132f7043 and Element was [saml2p:Response: null]
2023-05-29 02:11:29,134 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0881475abdb448d3e4eb4207132f7043"
2023-05-29 02:11:29,134 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0881475abdb448d3e4eb4207132f7043 and Element was [saml2p:Response: null]
2023-05-29 02:11:29,136 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:11:29,136 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume' with encoded value 'https&#x3a;&#x2f;&#x2f;login.placer.ai&#x2f;2&#x2f;guru&#x2f;saml&#x2f;sso&#x2f;62319c9bbfe9df002bf6ec9d&#x2f;saml_consume'
2023-05-29 02:11:29,136 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:11:29,138 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    ID="_0881475abdb448d3e4eb4207132f7043"
    InResponseTo="ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e"
    IssueInstant="2023-05-29T02:11:29.127Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_0881475abdb448d3e4eb4207132f7043">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>6tAiQ854lP1A71XnBMg64XMDk/1Y4DT1Eod/WOhyZKQ=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>KsZ2BsjUitXzGwNbYDr3+TnkqiyPGfSKg8TEW3zt5PLTD3SDBDWNelod6KvtNCfbMQiXYR0I2UK3yczSGjHbPQHZj9g9DxZSuRNHIatMKBKPi8ju1zOtHqG4eA5um/Y3z17LjZOGeDR75LpqmxMPkFyHSAtdFJVCoxskZFXjjOLTbW+qwIX3k7uqfcO0/KX1A084imE4O0LjPjZ7yEoWMkWmr9F0m75LCfXktqowX7uBoQGedZy/Hv0efDOqrZzFST/j1Xu7NbzEnvD4xN7/TIbGXXkRSsK1N70ECkS2d4+5c11wUdwrnzTE1RKFMwKa2oFGPQaaMLRbRvs0TWfvFQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ce473b01cfd1c17f2d1458b24a19b613"
        IssueInstant="2023-05-29T02:11:29.127Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://login.placer.ai/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="34.133.52.28"
                    InResponseTo="ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e"
                    NotOnOrAfter="2023-05-29T02:16:29.130Z" Recipient="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:11:29.127Z" NotOnOrAfter="2023-05-29T02:16:29.127Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://login.placer.ai/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:11:27.760Z" SessionIndex="_d654ca30e52f840d1843e4a7f0715273">
            <saml2:SubjectLocality Address="34.133.52.28"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:11:29,138 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:11:29,138 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021129Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ONELOGIN_876e72f33e0af541c4850f7bf76d7dbf25faa35e|https://login.placer.ai/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_0881475abdb448d3e4eb4207132f7043|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|rsanchez@samltest.id|_ce473b01cfd1c17f2d1458b24a19b613|
2023-05-29 02:12:58,619 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-05-29 02:12:58,619 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2023-05-29 02:12:58,620 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://login.placer.ai/, acsURL=null, relayState=null, time=2023-05-29T02:12:58.619Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_f5f3a5f1-a27f-4fcf-b530-3779d9f78a73"
    IssueInstant="2023-05-29T02:12:58.619Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://login.placer.ai/</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-05-29 02:12:58,620 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-05-29 02:12:58,626 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://login.placer.ai/' from origin source
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:12:58,626 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:12:58,627 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://login.placer.ai/
2023-05-29 02:12:58,627 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_f5f3a5f1-a27f-4fcf-b530-3779d9f78a73', issue instant '2023-05-29T02:12:58.619Z', entityID 'https://login.placer.ai/'
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://login.placer.ai/' does not require AuthnRequests to be signed
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:12:58,628 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:12:58,629 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:12:58,629 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:12:58,629 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:12:58,637 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:12:58,637 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:12:58,637 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:12:58,637 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:12:58,637 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:12:58,637 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://login.placer.ai/
2023-05-29 02:12:58,638 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:12:58,638 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:12:58,638 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:12:58,638 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:12:58,649 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:12:58,653 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:12:58.653Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:12:58,655 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:12:58,655 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:12:58,656 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:12:58,657 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:12:58,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:12:58,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:12:58,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:13:04,663 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:13:04,663 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:13:04,663 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1442227448::identifier=rick, context=org.apache.velocity.VelocityContext@6ef17a56]
2023-05-29 02:13:04,664 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1442227448::identifier=rick, context=org.apache.velocity.VelocityContext@6ef17a56]
2023-05-29 02:13:04,665 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:13:04,665 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:13:04,665 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:13:04,665 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:13:04,666 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:13:04,666 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:13:04,666 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:13:04,666 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2c2db2d263d1855f754a027bf48c4b522f3b037b873367a9315d5a5fdf8715a9 for principal rick
2023-05-29 02:13:04,666 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2c2db2d263d1855f754a027bf48c4b522f3b037b873367a9315d5a5fdf8715a9
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:13:04,667 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@30588a28'
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:13:04,668 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:13:04,669 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:13:04,669 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:13:04,669 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:13:04,669 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:13:04,669 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:13:04,745 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:13:06,054 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:13:06,054 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:13:06,054 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021306Z|https://login.placer.ai/|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://login.placer.ai/, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862386055}'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://login.placer.ai/'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://login.placer.ai/]' as '["rick:https://login.placer.ai/"]'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@30588a28'
2023-05-29 02:13:06,055 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:13:06,055 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:13:06,064 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:13:06,064 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2023-05-29 02:13:06,064 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:13:06,065 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d400e070597b1c90edc8a8d2c8ff7bcd
2023-05-29 02:13:06,065 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d400e070597b1c90edc8a8d2c8ff7bcd to Response _5481475220712b1f97e0a23846181af0
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d400e070597b1c90edc8a8d2c8ff7bcd
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:13:06,065 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2023-05-29 02:13:06,066 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:13:06,066 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:13:06,066 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:13:06,066 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 34.132.209.212
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d400e070597b1c90edc8a8d2c8ff7bcd
2023-05-29 02:13:06,066 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d400e070597b1c90edc8a8d2c8ff7bcd did not already contain Conditions, one was added
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:18:06.055Z, to Assertion _d400e070597b1c90edc8a8d2c8ff7bcd
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d400e070597b1c90edc8a8d2c8ff7bcd already contained Conditions, nothing was done
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d400e070597b1c90edc8a8d2c8ff7bcd already contained Conditions, nothing was done
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://login.placer.ai/ as an Audience of the AudienceRestriction
2023-05-29 02:13:06,067 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d400e070597b1c90edc8a8d2c8ff7bcd
2023-05-29 02:13:06,067 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://login.placer.ai/ to existing session 2c2db2d263d1855f754a027bf48c4b522f3b037b873367a9315d5a5fdf8715a9
2023-05-29 02:13:06,067 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://login.placer.ai/ in session 2c2db2d263d1855f754a027bf48c4b522f3b037b873367a9315d5a5fdf8715a9
2023-05-29 02:13:06,067 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:13:06,068 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://login.placer.ai/ and key rsanchez@samltest.id
2023-05-29 02:13:06,068 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:13:06,068 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:13:06,068 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:13:06,068 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:13:06,069 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:13:06,069 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:13:06,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5481475220712b1f97e0a23846181af0"
2023-05-29 02:13:06,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5481475220712b1f97e0a23846181af0 and Element was [saml2p:Response: null]
2023-05-29 02:13:06,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5481475220712b1f97e0a23846181af0"
2023-05-29 02:13:06,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5481475220712b1f97e0a23846181af0 and Element was [saml2p:Response: null]
2023-05-29 02:13:06,071 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:13:06,071 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume' with encoded value 'https&#x3a;&#x2f;&#x2f;login.placer.ai&#x2f;2&#x2f;guru&#x2f;saml&#x2f;sso&#x2f;62319c9bbfe9df002bf6ec9d&#x2f;saml_consume'
2023-05-29 02:13:06,071 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:13:06,073 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    ID="_5481475220712b1f97e0a23846181af0"
    IssueInstant="2023-05-29T02:13:06.055Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5481475220712b1f97e0a23846181af0">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>A14j/UPEiBpMmfZiZEFHFpvmcdHmO5oUHKJsxvT8CPk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cW4ysVXQVrQDumG+DkAuEj2EFetBvCi6yFjk+vUHpOPJ83lD0dvqtfPiqQCxdp0A7yn3h5rnYtC1mxfsPB1/uQtxDo6mzxfrVdguDMvvu1NGdHqAvcnxRKaqMX3nORlKESqAzhixDmXgRa0x4rZ5Bgws6xCf5SYUhjA+pSxn6q8outJLu7obHpaLWJtC5krvj6npfeIuthsnyk/9vL9+c9lm9+YBExSORkDTXCiorhlQ3u66VcEk2etfDq2f75zpwddZpG0FOSduJofl9b+RqGlsS36kNCYBNOaEdBOCX2EhBHf+VjXnpLcRaCcCHg+w2aHdC3ZEYrju92GmNLh+Kw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d400e070597b1c90edc8a8d2c8ff7bcd"
        IssueInstant="2023-05-29T02:13:06.055Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://login.placer.ai/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="34.132.209.212"
                    NotOnOrAfter="2023-05-29T02:18:06.066Z" Recipient="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:13:06.055Z" NotOnOrAfter="2023-05-29T02:18:06.055Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://login.placer.ai/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:13:04.665Z" SessionIndex="_a7c32c9d8d93d197da80b2e8ccd83d23">
            <saml2:SubjectLocality Address="34.132.209.212"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:13:06,073 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:13:06,073 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021306Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_f5f3a5f1-a27f-4fcf-b530-3779d9f78a73|https://login.placer.ai/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5481475220712b1f97e0a23846181af0|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|rsanchez@samltest.id|_d400e070597b1c90edc8a8d2c8ff7bcd|
2023-05-29 02:14:24,038 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:14:24,039 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:14:24,039 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@165747890::identifier=rick, context=org.apache.velocity.VelocityContext@4f2c8a46]
2023-05-29 02:14:24,049 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@165747890::identifier=rick, context=org.apache.velocity.VelocityContext@4f2c8a46]
2023-05-29 02:14:24,051 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:14:24,051 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:14:24,051 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:14:24,051 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:14:24,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:14:24,052 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:14:24,052 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:14:24,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f0ca8b80d323327cb7ea2fa55f87ce0a89ed5c4aefcad82b2b9feaa8fe83d5a6 for principal rick
2023-05-29 02:14:24,052 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f0ca8b80d323327cb7ea2fa55f87ce0a89ed5c4aefcad82b2b9feaa8fe83d5a6
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:14:24,053 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:14:24,054 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7bd67ebd'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:14:24,055 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:14:24,056 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:14:24,056 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'dev.ogloba.com'
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:14:24,215 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:14:26,081 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:14:26,082 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021426Z|https://dev.ogloba.com/gc-thegc-rgw/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862466082}'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata]' as '["rick:https://dev.ogloba.com/gc-thegc-rgw/saml/metadata"]'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7bd67ebd'
2023-05-29 02:14:26,082 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:14:26,083 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:14:26,092 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:14:26,093 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8fbd0c1b8a4fdfb7c52c272434b10203
2023-05-29 02:14:26,093 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8fbd0c1b8a4fdfb7c52c272434b10203 to Response _2dfd3be38b6d230350b6cee44aeec417
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8fbd0c1b8a4fdfb7c52c272434b10203
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:14:26,093 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:14:26,094 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:14:26,094 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:14:26,094 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:14:26,094 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:14:26,094 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:14:26,094 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2023-05-29 02:14:26,094 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2023-05-29 02:14:26,095 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:14:26,095 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxXi8KFQcsq2nZ1ERc2dKdTnJQ+HJZcLt5cB/W1KoxIUddAZxYJoQWehzOx2xAOzkb+9+x5zFCZJpjT5JmwNiv6loaz+BtbeiRUvU0gIxC9ssHBJfCSICsQseT7vTMeNbvfN+bTJkJ79hLpOxLoSBnbGC8 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 211.20.7.217
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to a24g8c764d191c92550i2hh1h8ai2aa
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8fbd0c1b8a4fdfb7c52c272434b10203
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8fbd0c1b8a4fdfb7c52c272434b10203 did not already contain Conditions, one was added
2023-05-29 02:14:26,095 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:19:26.083Z, to Assertion _8fbd0c1b8a4fdfb7c52c272434b10203
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8fbd0c1b8a4fdfb7c52c272434b10203 already contained Conditions, nothing was done
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8fbd0c1b8a4fdfb7c52c272434b10203 already contained Conditions, nothing was done
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://dev.ogloba.com/gc-thegc-rgw/saml/metadata as an Audience of the AudienceRestriction
2023-05-29 02:14:26,096 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8fbd0c1b8a4fdfb7c52c272434b10203
2023-05-29 02:14:26,097 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://dev.ogloba.com/gc-thegc-rgw/saml/metadata to existing session f0ca8b80d323327cb7ea2fa55f87ce0a89ed5c4aefcad82b2b9feaa8fe83d5a6
2023-05-29 02:14:26,097 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://dev.ogloba.com/gc-thegc-rgw/saml/metadata in session f0ca8b80d323327cb7ea2fa55f87ce0a89ed5c4aefcad82b2b9feaa8fe83d5a6
2023-05-29 02:14:26,097 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:14:26,097 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://dev.ogloba.com/gc-thegc-rgw/saml/metadata and key AAdzZWNyZXQxXi8KFQcsq2nZ1ERc2dKdTnJQ+HJZcLt5cB/W1KoxIUddAZxYJoQWehzOx2xAOzkb+9+x5zFCZJpjT5JmwNiv6loaz+BtbeiRUvU0gIxC9ssHBJfCSICsQseT7vTMeNbvfN+bTJkJ79hLpOxLoSBnbGC8
2023-05-29 02:14:26,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:14:26,097 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:14:26,098 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8fbd0c1b8a4fdfb7c52c272434b10203"
2023-05-29 02:14:26,098 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8fbd0c1b8a4fdfb7c52c272434b10203 and Element was [saml2:Assertion: null]
2023-05-29 02:14:26,098 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8fbd0c1b8a4fdfb7c52c272434b10203"
2023-05-29 02:14:26,098 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8fbd0c1b8a4fdfb7c52c272434b10203 and Element was [saml2:Assertion: null]
2023-05-29 02:14:26,105 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_2dfd3be38b6d230350b6cee44aeec417"
    InResponseTo="a24g8c764d191c92550i2hh1h8ai2aa"
    IssueInstant="2023-05-29T02:14:26.083Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8fbd0c1b8a4fdfb7c52c272434b10203"
        IssueInstant="2023-05-29T02:14:26.083Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8fbd0c1b8a4fdfb7c52c272434b10203">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>22kj1HN3MS78eMDaYVp3i+XICGlt4+fdTL/kycQ7DDQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Vqt3n+y5A6DZ+87Wpz8eSed/9A3DNMtsWizlVfa3Qnvd25KEVciU7hhEbfe36+CD5F4j6f0p4sGhtssC9/60ixJ/2AJpdIR/e2F4mLpUIUwOLfk2XaUmQvAZbWhh3V0pz50MQHVsYk+10+19I1if6+6RDfBBIKix7yJ5FUkTawFuSfHgk29Gjs1q6hOzuQaJmuYKwuyEwH05y5NK18QtH7/5Mq1oorWffThon5uMpBu07WyIyiqyI9D1SRWk/GaktYnmSUen2VmwXDJ2QbzgePI6hOdTUI/ArDQvyaGgRREqcnWNYNCFgGk7hwqOgW5/VlsaOW2uYDvgKaFDjmspDA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://dev.ogloba.com/gc-thegc-rgw/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxXi8KFQcsq2nZ1ERc2dKdTnJQ+HJZcLt5cB/W1KoxIUddAZxYJoQWehzOx2xAOzkb+9+x5zFCZJpjT5JmwNiv6loaz+BtbeiRUvU0gIxC9ssHBJfCSICsQseT7vTMeNbvfN+bTJkJ79hLpOxLoSBnbGC8</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="211.20.7.217"
                    InResponseTo="a24g8c764d191c92550i2hh1h8ai2aa"
                    NotOnOrAfter="2023-05-29T02:19:26.095Z" Recipient="http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:14:26.083Z" NotOnOrAfter="2023-05-29T02:19:26.083Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://dev.ogloba.com/gc-thegc-rgw/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:14:24.051Z" SessionIndex="_fef440dd9d9590e79d0dd58e566ded75">
            <saml2:SubjectLocality Address="211.20.7.217"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:14:26,108 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO
2023-05-29 02:14:26,108 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO
2023-05-29 02:14:26,108 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2dfd3be38b6d230350b6cee44aeec417"
2023-05-29 02:14:26,108 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2dfd3be38b6d230350b6cee44aeec417 and Element was [saml2p:Response: null]
2023-05-29 02:14:26,108 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2dfd3be38b6d230350b6cee44aeec417"
2023-05-29 02:14:26,108 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2dfd3be38b6d230350b6cee44aeec417 and Element was [saml2p:Response: null]
2023-05-29 02:14:26,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:14:26,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO' with encoded value 'http&#x3a;&#x2f;&#x2f;192.168.4.124&#x3a;8090&#x2f;gc-thegc-rgw&#x2f;saml&#x2f;SSO'
2023-05-29 02:14:26,112 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:14:26,114 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://192.168.4.124:8090/gc-thegc-rgw/saml/SSO"
    ID="_2dfd3be38b6d230350b6cee44aeec417"
    InResponseTo="a24g8c764d191c92550i2hh1h8ai2aa"
    IssueInstant="2023-05-29T02:14:26.083Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2dfd3be38b6d230350b6cee44aeec417">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>t8l9WZ4LVBKiASI4mtaJsvcjUKIUIkEfJ9UJomETick=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>RzAQptHfb4GsBpULH5YzdrtMNviELpN4kx1dUJBI1USNi/gH85VAMquya7ky8UA+mX2XOL1WZaxoAowB/n3G7YFZ4r88YeBIQL9U2E6OiRS1UGlIpwjB6FMnHyFsoYUp7Ueo900Z3aGZxsG4zsht31a06de39ShMsb3xnr6PBf4DqPjT3igAiKd4H8qDrfQA4dSJn3RaKCtmC3sGwSOKHaGQolLj3ryL4dQQim8c4I/pHzr+q5gwfT+bUy3EYeEAMfhK8KiLPliuFCX5iiMXOV/CF9jcUZIkN4buW47HibiVs61Q4ye3JVQPnGzIbwGNA0qBATvQS3sT/uOV0zYV2w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_49a1baa9e5c2bd1f344b95cee4af83da"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_52f0205641857184f43cad09e5d254a7"
                    Recipient="https://dev.ogloba.com/gc-thegc-rgw/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>hkZ/jpTjIGvRwxvGqnh8IE1hz0yfWWOeSdX2Mt+x4Fti8IlIaVU3EN0rp1lmw/LruLfDjZxN9BqIqH2yG7DjX25pgHFMsMhzojKuE7/zT20EgeFfecEEDH2I0YDmWSEN6q+pQAdPozqIiMp2bhd/qdW6IOIa92TZlByMFmnCn6x5N6OCmtgeSgIYTJBJ1M3ikeeqWTfylS8yDz7Cqt7myECSFpxVLMkBrK7fa1mUI/I4nuOuQuUl/duuDOE/Y/eWzBWREAKU2SFmv2IIfgQv7HjZxQlwh7TeZXaU/wstLNzp/n6xHqfuMIKd09LhtGincUvN5hPG4HJMKeq0IkzF8A==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>GiPjAdmgOrc6Vy5r6SJ7zOd1GsA7xD5OenQD/qvWu+tm2ikxJRvO97YddoZhrAxy1VWAXXdFxIQWbMx/odA8b9RYn7SfEAoJ/09idgA6PtWGXrH5XB1BMFLWw/eyeKSt2UFUCL/OwDnEc6q2vYElim0bHx5Iu0dh74rRtK0SOSguOSsYtTeZ0L6KhSjyUDXFid2oFlsXdCpH2yQeZScaW0jP4nVXnxRKaRZay9xSH9PTWUMplyjPbXaDJ//L1L7dS+AEkB/vX2b7fITQ/8Bim8cddIxmGcEj6/nBL1MqMXCFLHqNZcUL+5nf7madjFIk53s0JEMgRxvw/PbOGBsLT23PP3yRlOMw/hySmqW2SzXK1wLU5Bv9GEixdvdy4CvP+IXF/3g7lGjJBLJD2t+3tAEUAJSYorxRmFJLb7glCzQXx6U97F5/dJiLXfqdLMInxC3VebtqV5Zi+mXSep80Qx78xR5W9Hhh2qVN2P3AVhd97nrb/Y8KI6GwL2b4GASeZKOp7+jfvJTTO2vYZNlfBu/oB3YlNWyw6/0Bv5wSxBNDZYpHgjCwi5hmv+j4YOhN0IVxyVVeM1iu+2UoR9zlgvWKlVCv14MBHLgCvICA/+VV1doGih8X4KdB3v/o4uOD61o8gFa6dUmVdAaO2/1ANJ44E2iR+4R+9phw4x1GEPEIVzMx74idPWmdVQM2iWa+fergQQv+4eX89Uz3Wng1i3MNjK71zNZjEMv+OMKO89I8VCThgI40Fq9noeQQdlxqOp/B0c0AAwGgMKtyeQwz0aAXH24CG3fo1V6pU1Jxc9oih9avp6B/4hgP+oo/U5OjzB66ERi+s6oCGDDWojKRJEa0rAHPX4Aes9YhsUhaF4H5U0IVP6w3risfvZzAbYSE0aaqYSDNCMsKG6jIrMk0kuv7jpX7sWhFBLtb0yVwjzLPQoGIj3mUD9wUkxfX395cI9jASy8mtyVBaGcpE1GPl7o0F7No1J/CKgHOtXp7T/9GpxWxCT5F38V3h0RbkR+z5bphT3HSYLkHrrUewoAaMeWcNxXXX1Vm1ggUeh9UrGfRLKN8Ewhl7MlFMJXGsF6CHl5Q4SHnWLzLRL5wDe0iAxkorTnYs1F8p5XLcrA3ENjpQEsDMDfuUHRy8fPWPOCeF0V2p5yOdN3Qu8p/X5g1x0tOLjLjm/T6pltOBRKULfMhY8DmLrkTloLR0mILWNNCzgHcyZ+YnwM7qWeL6PRyLeAe9g2WQFYyNS5EDuuaspPQYGrcItHugS0ItZ9TGql26jPX8dMXeuK31BuKqin9ilXwuwtEHBxLMT5fPl8mIh8pr+8qJhL4X/bJ0KCEs5nuaaSGN4RWxXP1WygWE7GhSqEK1dDvq3nXVWtDvAIkBpb5fJZBqSlWygGAtzVl57V/fNe85gqyxkf0TmjN4ISMiIXSH5B0PFYitZ4sFv5zNTQRXh7XIb6uQmM7i9AmwazwoImuiQTs7ACnvn6zjudS3tE0eITE8BaHrDgaG88GzZILZJFPvoGrZJoTS5WZoaL5qP3ifCOtiwGlOJtdn8SWF9HsmJfanH+DjZJ4KvTHpYOEqRQlcRGih5ZwB33L/vXLmEeqyCCqG34tZvQ75MBRZgmiiYNmnVRtjaEPyjxBFm15z7WSg7jwFt+gbseBeQGAXiYE+RVaQZnCWUaBa2tZkwbB4Ycoo1uHX0JK1oqbT8t4qqZLdkhqX001uSbV7PNCjUsv6IHitUXiBApgGKWpv09zaCCYBEPNB1k1re6i0whATHBYw3NxVZrEkCWzV/MYoe/lGe75Pek35lGm6vo3LiR9yUnxOo9xpLU4HegtcF3MtXs/h/ZKl1wXhlbd24i+62Rz182nTsXVB9zcUzyWlk7Ob3Cv7gM01Qx9TetZpkI8ETvKE01lYFiYndJBXixA3D/c75SN2SAsoMsGIsyVM/9tjbFXva0qDcNk18JH+7BeQoflRLCZugVgohBQz0Ei88W9njZq6JNhfb2XPRCSSzlUfMa5xWSExQbZ0S4314nVic6U0Gzk7OPi0nzuxGOKqWeMiWrXydwJDU56ctbZCIRUr0NY3NWELoI/1W/rsgqieYo4RgVttHDPD2NnUBb1GX2zKdq9qtLnwgP9xNYz9i0MRebWqBZFRBOFNcGBesYfN2ejB2XhM9Mqv3yM7dJ2RuJaf+UI+2G6C0dITjrMPiFb9hIfTt41C+aR/lRKCJyrK5AjYZkI32JTCMv4Zld/YNKrfhZme8PYafHnENxbYd1Ya3z+bjojNuQ5Zz84x2nyqC1jgAbIdtxZEIXsYIFDr30vU/q7niJGNkYwqkWmh+IShJlZlPDEdtsbgEG2pULni08ivXZHQrSMcpefGU92UoLe49ZFVNHGkut398QZn+HC2LoTRQCVpitCViXLZPZ0n3tAnZxCayzsiczR/M0CMFDxEYGtO4AGV3TpaVmKQMKqpeZ9oKtRuzpiUBy2sUcDsGbAwnnARKaivBXcoXNAQlt9Cn8LrAuiiJ0wbmZGixbSYZvWsv5z2A6v8zLP33/6gvFm5rdNWtf6GHCAJ4ruUVFiJI2MAgR+Z+U7CTgt4RC3w6cu8JFjRU1wljUkCuMsXxQPoX9Qy/I89/XuMuOXZlf+NXhbkPYXZxk1aIGonHbLHaTZF5oDbn7yRan+maaAhvWzfU/Q9ZxnKYEh410V49Wev1YqeTclXPtO/Hky1MpqJa9ktmtRM9aUGK8Y2ZNLRWu2bYMtMMVnwFcxfEjnW+B97I3Tm8QU+YcpIRSvho7EgXWzG7tZ5RY+WkNpN04SZ+uTz6FZ1lx+07L+/Bsi1qScHJ5lx43fgJMXX4AYS6lJ3napEh2g6kj77eb5ymW7mhehm4UvGeZrAHqCmQ+Wz4tWWcX1RYh0JnBowUHdGdop9Ny/zQOI/pPK98TsWcUiYfJ6aPVQLQJTjsVMS2801z/mMGMtIk24PsBfilDHbGzv/nyOyhH6iyWS2oas8IF+Hz8TjLPytYj7WI9FeD5qGjA/gTeznuu+7U51ub8JSUjufxXhiH67EZqhukRUS6+CUCckt8+HRyR1+LqrLfkhY9pWK3B1cnQYzREx6LBraw3roVD04zuei2YALR82A/mQ4oqQW51LlHD+Iq7Vp/iCcSz/pP8K4ak7lAUvHjojbGNyODl7xyJnFVW4gbA0ZVuS2k9yuj46bMhFKTq75IKfWFnRAh6k0aHnSHTcgaJhq08h12eMv2bTfKLKX7FvV5ZY/bRyiatVFKbLKosF9RIAKxmRSspi0R1ncLWmxCrMSogvqLyiXSFBJGD35ENU3oFN7x0FINn/8aEjCKwW+S4MMfsOfuZ4xnBQnu3kYfbSlBDzTdn4wal3z1RD6CdwF841Zpcucm3E34K5hlaiTkLmz9JS2667mUInocpTKXQfS+FubsDbjkOTDbgFBiilcpOjygqoRVqVt0rUmOL942zP8swWc5A1iRVeM4M/c/dgEM6gczMt/KFB/BGfXSYuXrmrwL+Euq8L36lvghVNn3LfEakRcLMOWOvGzoHewIHr40ARlaU3bMf2AQm1YceuBfhxUskmAYEN97XpWv1iEBwWy8TS6IHFjeHLrAMzhNHVDlb/MQw3oXTmBIpv+SWqLtyx+NUU3seRPc3Y3gEu4VbTItvHH+QkfyPJdHyWpuNuRMID9w8Rf5LK+a4YPERy5iZWRn5/XiFcfWMTFP27ENKqMKxKZrOAmwOguV7d/Z8YcYfW9Mvby70JtdDXpvsrkJYm2BmU992URllt1+Yo7+o6mWvjxel46x3Oc+/L3vfyZlRXYrIpyD1eK9XeIRkVe2fP3TBuetdZ3sTDW5kcnoUvaKM9a3UGL6/pCWjHnXPkh9/J7ifW7cVCEdcCCxz878rXwy+YcfSNu6LmWA5AWup2xcPR7zBzNSvEqJKaITKzzkB/AoiT0OJmIxaWpjXhJ+NhfNEuWL2gsCioQ/UrMpvYWR7Hzt0g4IkrYUG0MqyuQ0ZOMvqMdr6ekPY8zUuEfxm01dYEv9E7Rmz2Mc0wdhL2YM++uJTMerQgDWNdnOJTqpFfnDQW5fJY86ojVtgRRXq23DIM7xpmMdfxodWjX8PviqrIaGdk7hY0oXRySrjkCC4bVW2Ey8/ZjnnurapzZWBdlHEmQXokNe1D5N1zF8qEh8FQ8FWrfOmyAJmstu9WVN0mrwOeE7WSaqp657FPzjFB5oi110m3uA/MIRf07L0FDYAW9ryclnoSZ8JO6noN+EfiVclkaxmXLeOYOdkgc4F20SjSw7NplomBvpWOfhTZHnDGnvuBgwcyVFaW1bFAXpwLyGL774fLNMLmrYjMVfnu54EGIKHv4a9eThoZib7CGOyIxuIuwli3fa58To5v2gQJiMtCUpgaL/cI1LY+U13Gy0tsXvsfJTFy+BeMLBftAuHE02/AidikVheM0+DVeqpYjMTn+KTMQeAMP+D94xTWLmeob/B1rWJuSySo2sZB/uSrywRgNTnTUXSyuji8skARkV0SjCskL5LDzgODIzozDBs7+YFfXtFU6jGlV8mxVwFFh+7aDQBpqUcCKLhQI/AXPtgkWqtW4oOgrI6KWWAUJTDQ+5551IIM+3JayFqqL/3WUJ84/eZ0udIje+66JbH+/mdsnXiuHdpR9CkYkaz+BhoSYQwQ6RsMjj9NDvXsLXYIMFNfFyL6CXH2yxZIqJ2LthmyJgCS3PR9/mzjl91TqPwVRKQsvab306Xlnfnj5BaBzdVqJMH4q9ZnRvwlrR94GNMRwy+xojjYXHqtDDgiE0Fkflklpc9JoE0rSmexjcUO+4vY7G7o9e4AfzXLRw/q1Qc4TTi+qO+RRS03X91GMK+Ed9BTQ7dxszRoEWNodkqShKxZ+LDMQ5U6RTi0v8TRtgwQYnCxLimB5Q2OmzYO07piq4X6QrrG/Zh1UzWw6FDCnbiOBNAr9KM8CTEw25JeuIoh7V6R9Br9DnQk22y04gnufJVpLpY65mHl3sktHEFUKaVGvJ65rCP+/2I13nS8HFLMdoOv0JeOJ/ior20rSj3/1Em4nhm8P8LNv19XP6a74HX2oyaEdFsFX0Bi48bBjSHqcYDHiQsvklJHL8xfM7uamtmqHopKRW5Toqy1ISZ8YJdsza1eCvBN1snOG8As1GSYRDwccYZWq1uzpKcn0E807/mYNsqnrxdmcvB9qXMi5kdtyxu+7HqWfmImpVmjsN5Xemnpl/pTHWIgSIQtjLzA7Zi06jnI8unnnDQh7tbZlgLmNp8MaWMu0YDMlfqeW6Z5vs7zqmkgTS9kVIFHStzDc4hXweJ4J25Ku372uwiPFYtz9OIcrPLG+nOz8L/p/L1/eSb0byAHrJFQtoUXSSaIDxELrbTIn9CBDeXl6n7JPj6TIpvKLKc02HqQa33s6yrwGl+zsGw8oldlGiX3I3hujYmxfAI5Frok6qGlcupHV0fkbFtjM0FJsGqktNzKN9LX2+/fuuHFwdppOpasIGSHSACRxWa2YIu9piPmhXZ5Lbuz8doh5TqEQHTntsFeiswpf7RhlVRcw3a8xqqbjEoJqw0NzR4i51qKi2bjg1SBJJD0NsaPK9NOChbyxTXrwfJZL1/fL+s9uzw5waxpoNBBO+U55feyHrWk7nOUQY3mWKHFA4IkJblnbkCKZbqKf/BwrWD2bqvhuzDPHCyRsCvoCndY2YAoskYjjCFyCpDx/niYHFuC55RIKAHEa+kkyoQJuv6C6zVY9FXxI3pWdHWil6KbdUiwJn77pD54Z1L8V6VOTIv3APmOaOeALKRYbgoa/6l3zilJOLSCdJDKvS756f1jSKqGAPVxgScQi0fWavblk/Ocpk+SMTzb45Zrc3H+WHOMsiNptxruESw/KFAj5UnRHj9rgUdi80JX+unDUGeKpDQ8N/vRGqIRTEqY6jk2tzwOZEZI2gUHO0NykuxtjmxtJvGN2ZCrlj/ue+lPX79GKoIRvXu5EpP1ynm+j7F4dOHxMmwdJNkahecZhvxdk1udcJAI1sh3GnsN612FUmUzJKDJZLPIP1GOlMV0ri0Do6EZY4uBqxbB577Pl6edbTZzCddr59mp92qOECCOZOS7VEzDGgQZ+z6AvPhOrCR/Yb4J2mothoxtE5I+sZnY87sa31jA62yV5TKu5z5fWlggEC1NoSckSjLuvNNJVe4eFpARbVNhYLR9ENXjCgVX3hiOUqU+nKOTV1OVtCDwM9uYhLF4ahQv6D4Y94H5ndYJ1aXEGgacC3mSeX88pMa2DqKTTZtZppq9FD5tWhMp0xk7/ttSQrNctPyYUTOe49iSik/WReA84Ev4JPsTo1YTc1h2mwN4Jp1SuJOuO++/z9HfDx5G2x5A2wk2xOCHNyGtunU1Jh5cEwJlt5pw+akhmNc7PvTPWFvmVrR2t8zSpSK7aaucrIo1XX0zN5FuuR53LxSOpcyhs/TZc4ecKMX/GSJD0FkZV4XknRDlKaUWhDTW1wAjbAdZV0SrENUqHGgYvS/oKei+W2ZYvhERDwmKeoDEZ4IEWfEEdOcZSAnV8SYXYWVp+m0ucddECVQQFCwzFA4DI14oTKpa5H2jQDgnYXeCvpKizxvmRhfYHEFrBAv1GW51O+wbwAKHr2jkCe3zQ+RXmvqPlR83kFgS2SU6N+37fsmHipeRaxI7FYQatNxiTpeKoEVwlCfA+xCPhhDjekj8sXetmXQd2O4QtuxsmHcnCmMQUupPhtL2sW5VxkVlsGpnjTW6XLAQjHj8W4MDuQKF8ZWZKlph7Ua8s38Xu7LThQpTRci3JPEss7lTTI13JlDXvYNGbtsBV/5fchVUFmAxPqfoZx6EJLdRSPGhH0X/PLfPlsx/Po7v4419h5FRI7TKVtpXgRGo3ykYRp8Pnbu3b82ATV2CNTXQ1lIKXpVfBfK99ltfCRgilyqaBQThHSETGEFN+VBKzCS9yeYPb+Ynj4f/2GEzpdNs29dR4ETFJmbdMlpw3B6lQkRXHkke8uPumgCFu+R5VE7vAFWpb8oBimDrHc99K43ecCnW8s05IsDrz9eRqGn/iXw+MceffVbG1qaPwhkv2gNjBt/2H6aceOYO6/ElorUfQmW19WevGRtrEDSLCmugWIwUr0w/Gwbj29iHmFJOzQ2EHES5vy6XcPXV7wZQheSS4+tAcJqKLAwd+UqFfcPgP7FWFfRCcR5KGyMVmr71WrnAZvbkld0liz14mh9Ur4Hu5td5GEmhR4TitGLacCsi8Didci6iz8IjQo+HZiGU3Ky7LsCdEylrh1JGi4ZJ2kInmaXSRHWDfa5RsfOd9gYwmD/bP4ww+QUGFN0RYIVkEFyW1Ov9ftIA9GDzNSNU2mfapREEQSFVPRoBXVHXBVTMYgOECli/XKT0UfFeFVc+WsTO/3imc764jigrbjNo0ODb4o7xFaUu5E6oAxprOdyTsbg75D/yA2qYW2ri10ytXV90sS1Cu2+GHnWSo8ayHkE4tlpXTn9pXT0Uw1rs39mifql7mslH8XYnzV3I00emh+bYo05sllG0FpL6I3uepLHzi8expGAHLx7XkzwHZiWs1zCeDT3uskWSLo/mhGHC8MoKQt9vhlyBwPuFk9Q5kibFxlE/N4JIhuemVHYFnr9+rgP1TuZa/06L8dMrVJOTm1KRVGFCl9K/VaDPKPABKRePtxddwHro14qP/w1zqydRkc1GSV4nLyiCAD2mtY769Y3nxuLmJMNDQjVT/WS8wl6NA1g8A3GaBdgfMzbspZR6KKqOPH4Tv/FlNnytMAA+qqNi0efTK0/uUCHKWb5xUG+L8NgPAqgv8Yqn0tfZ49vTHZmfKMLUO6/PR6NCeYCDy1pW03s32RP+4BS1o87IXK2VQrD//KaQB5xUZ8tfZh0o19UyMF6Un4/tD37LtuKJvHc0ZhRceWi0RvN6RVNHGx5a3E6yhm0+KKQdq7Fcao1wtAlCGhpDcXc5krbkNd3D0KVHvdNuS8BqfYDp8cVmrP1hoCDc3BYpYa1TvPiqCznLjdJm78LfjNyvPggleOa3b44t5UkTEc2XJDgWrRR/Q5m1RPEvboljbCxsGg2toxxaa2OR3AAtP0OFAt1KlBgCoe5gXJ7TWsVeKE89Sw0JNQspIWdOJGlYhiszug3Ore8pzed4oG+ebJWC8WXlUP3ZllsOZpbfUhy987WEXKErdred5NQoUhGXyKyPCz/2nWOt726Lcl6UL0IXHLWc4Ox/2PoLbbj69sED39XQctKAfmk0lh8t/sJP0E1Mlbdt021nRV6Ectvu05KKhu+A6/8UvJ+q1BHGTmB6IBCwq2nQeq5FwsrUP8VVYeE0SZXScyTQrUwd1J/eZmkRTKXuGHQcLb2MVtdi6yBaPGULSri1Kko=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:14:26,115 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:14:26,115 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021426Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|a24g8c764d191c92550i2hh1h8ai2aa|https://dev.ogloba.com/gc-thegc-rgw/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2dfd3be38b6d230350b6cee44aeec417|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxXi8KFQcsq2nZ1ERc2dKdTnJQ+HJZcLt5cB/W1KoxIUddAZxYJoQWehzOx2xAOzkb+9+x5zFCZJpjT5JmwNiv6loaz+BtbeiRUvU0gIxC9ssHBJfCSICsQseT7vTMeNbvfN+bTJkJ79hLpOxLoSBnbGC8|_8fbd0c1b8a4fdfb7c52c272434b10203|
2023-05-29 02:15:31,598 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:15:31,598 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:15:31,599 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:15:31,599 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_6f4c60a1-e5e8-45e7-969e-a51c4ba85056"
    IssueInstant="2023-05-29T02:15:31.462Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2023-05-29 02:15:31,615 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf' from origin source
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:15:31,616 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:15:31,616 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf
2023-05-29 02:15:31,618 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:31,619 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:15:31,619 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:15:31,619 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:15:31,619 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:15:31,620 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6f4c60a1-e5e8-45e7-969e-a51c4ba85056', issue instant '2023-05-29T02:15:31.462Z', entityID 'https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf' does not require AuthnRequests to be signed
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:15:31,621 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:15:31,622 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:31,622 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:15:31,623 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:15:31,623 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:15:31,624 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:15:31,624 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:15:31,625 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:15:31,625 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:15:31,625 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:15:31,625 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:15:31,625 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf
2023-05-29 02:15:31,625 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:15:31,625 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:15:31,626 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:15:31,626 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:15:31,635 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:15:31,637 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:15:31.637Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:15:31,637 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:15:31,638 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:15:31,638 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:15:31,639 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:15:31,640 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:15:31,830 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'automation-vv-01.c.ei-cs-dev01-ein.internal'
2023-05-29 02:15:31,830 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:15:31,830 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:15:33,129 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'automation-vv-01.c.ei-cs-dev01-ein.internal'
2023-05-29 02:15:33,129 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:15:33,129 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:15:36,342 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:15:36,342 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:15:36,342 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@366308954::identifier=rick, context=org.apache.velocity.VelocityContext@3e7fb297]
2023-05-29 02:15:36,352 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@366308954::identifier=rick, context=org.apache.velocity.VelocityContext@3e7fb297]
2023-05-29 02:15:36,353 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:15:36,354 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:15:36,354 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:15:36,354 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:15:36,354 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:15:36,354 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:15:36,355 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:15:36,355 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 69af3d3103a2cd300229b5cb639530db20e0e4cc5013e99b9de4f26d9cc8881c for principal rick
2023-05-29 02:15:36,355 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 69af3d3103a2cd300229b5cb639530db20e0e4cc5013e99b9de4f26d9cc8881c
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:15:36,356 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:15:36,359 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:36,359 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:15:36,359 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18f19795'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:15:36,360 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'automation-vv-01.c.ei-cs-dev01-ein.internal'
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:15:36,467 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:15:36,982 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021536Z|https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862536982}'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf]' as '["rick:https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf"]'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18f19795'
2023-05-29 02:15:36,982 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:36,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:15:36,983 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:15:36,984 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:15:36,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _871739f0687435e3a10d29d24e0fbfd1
2023-05-29 02:15:36,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _871739f0687435e3a10d29d24e0fbfd1 to Response _adfc54a72411d984e10d1b9153fd43be
2023-05-29 02:15:36,984 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _871739f0687435e3a10d29d24e0fbfd1
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:15:36,985 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:15:36,986 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 35.199.24.192
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _6f4c60a1-e5e8-45e7-969e-a51c4ba85056
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _871739f0687435e3a10d29d24e0fbfd1
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _871739f0687435e3a10d29d24e0fbfd1 did not already contain Conditions, one was added
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:20:36.983Z, to Assertion _871739f0687435e3a10d29d24e0fbfd1
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _871739f0687435e3a10d29d24e0fbfd1 already contained Conditions, nothing was done
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _871739f0687435e3a10d29d24e0fbfd1 already contained Conditions, nothing was done
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf as an Audience of the AudienceRestriction
2023-05-29 02:15:36,986 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _871739f0687435e3a10d29d24e0fbfd1
2023-05-29 02:15:36,987 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf to existing session 69af3d3103a2cd300229b5cb639530db20e0e4cc5013e99b9de4f26d9cc8881c
2023-05-29 02:15:36,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf in session 69af3d3103a2cd300229b5cb639530db20e0e4cc5013e99b9de4f26d9cc8881c
2023-05-29 02:15:36,987 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:15:36,988 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf and key rsanchez@samltest.id
2023-05-29 02:15:36,988 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:15:36,988 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:15:36,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_871739f0687435e3a10d29d24e0fbfd1"
2023-05-29 02:15:36,988 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _871739f0687435e3a10d29d24e0fbfd1 and Element was [saml2:Assertion: null]
2023-05-29 02:15:36,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_871739f0687435e3a10d29d24e0fbfd1"
2023-05-29 02:15:36,989 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _871739f0687435e3a10d29d24e0fbfd1 and Element was [saml2:Assertion: null]
2023-05-29 02:15:36,992 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_adfc54a72411d984e10d1b9153fd43be"
    InResponseTo="_6f4c60a1-e5e8-45e7-969e-a51c4ba85056"
    IssueInstant="2023-05-29T02:15:36.983Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_871739f0687435e3a10d29d24e0fbfd1"
        IssueInstant="2023-05-29T02:15:36.983Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_871739f0687435e3a10d29d24e0fbfd1">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>S8gOA3L9NdBgKvyepHROKCk2gDe8Bf3kLnlBa5vdWAo=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>dlAWKE6CEKu75liKrT07VzbfBI8hMArAkSWSj4oJPo/wF2HL0ZoGrUAJMbHGFtVdhtEqDthyyUa6XC/5JA1JZkNliqJ4k6myGGNvlqC0ZnXiHuOdf/x9GW3xLjfhAxJRR00XCbpfyh11SYx/hkfZ+Uh3O1snBfWA3IElC5vpd4y3QjQlw5eqHL56q2vb3pZCESJyyXeFefm8pVcdfZzKY6rj6OsCwIsQ3NpsQWBEZWamcLBl7U/0YkBnRnSzHKLmfAU4PT4uw3sOTrg1WOdCnsNGxvMNuPxUuZXo5dow8r6XiEeKKZSSDVqxQDQIPclDrRqiHdYW3ECKeQRKTrZ1fg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="35.199.24.192"
                    InResponseTo="_6f4c60a1-e5e8-45e7-969e-a51c4ba85056"
                    NotOnOrAfter="2023-05-29T02:20:36.986Z" Recipient="https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:15:36.983Z" NotOnOrAfter="2023-05-29T02:20:36.983Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:15:36.354Z" SessionIndex="_ef41da9ac9a56ed405f5a8179a8e90be">
            <saml2:SubjectLocality Address="35.199.24.192"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:15:36,998 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf
2023-05-29 02:15:36,998 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf
2023-05-29 02:15:36,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_adfc54a72411d984e10d1b9153fd43be"
2023-05-29 02:15:36,999 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _adfc54a72411d984e10d1b9153fd43be and Element was [saml2p:Response: null]
2023-05-29 02:15:37,000 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_adfc54a72411d984e10d1b9153fd43be"
2023-05-29 02:15:37,000 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _adfc54a72411d984e10d1b9153fd43be and Element was [saml2p:Response: null]
2023-05-29 02:15:37,004 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:15:37,004 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf' with encoded value 'https&#x3a;&#x2f;&#x2f;automation-vv-01.c.ei-cs-dev01-ein.internal&#x2f;saml&#x2f;e3J5zmEiag8ymfJdf'
2023-05-29 02:15:37,004 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:15:37,010 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf"
    ID="_adfc54a72411d984e10d1b9153fd43be"
    InResponseTo="_6f4c60a1-e5e8-45e7-969e-a51c4ba85056"
    IssueInstant="2023-05-29T02:15:36.983Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_adfc54a72411d984e10d1b9153fd43be">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>4SHdDeCxEzNVXtzJZkhRrMXwwAF/k7Uym+28qD9Ef/Q=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GrHkIvjcxWyuaKUH+5hLjMdo1EZfhj8TuHX7VAO6pc8B6/gsS+Gaq5XgGrJWIAkne4CV5OvQQm1Jq45EjL2LZ5cS9JGe5FsEf1BXWMNkTO5vSmfx8HpOTpyAeO0kkCVK4O+oTNn+7fyNfxv5lD8WZJcSDumd1y66VoDRAfUJYr8AH1UHFZMHx6YRyMSxhDMbwXUDgHg2DLqJz9CYRoanS2Bgu3Fqhszm238II2T0y1EEN1I1sPS2EmTYvWQs10KFlHFlKSv2/W9Tzid8c/g5TEpFAqwB/3dS5v7CPzOmrO1gW0aIUFdNyEDJgrqGIQy4xILorhk262a5CvZAnNFDJQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_15d170687462f4bf922b667e5348cab7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b9e001c3cf80c8ef1e58f3a705ca8792"
                    Recipient="https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEIjCCAwqgAwIBAgIUAO0KywVCzWSMeE1TQ/GNuyXNZQowDQYJKoZIhvcNAQELBQAwgYIxGTAX
BgNVBAMTEG51Y2xldXNoZWFsdGguaW8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRIwEAYDVQQHEwlTYW4gRGllZ28xHTAbBgNVBAoTFE51Y2xldXMgSGVhbHRoLCBMTEMuMRAwDgYD
VQQLEwdNZWRpY2FsMB4XDTIzMDUyOTAyMTQ0OVoXDTI0MDUyOTAyMTQ0OVowgYIxGTAXBgNVBAMT
EG51Y2xldXNoZWFsdGguaW8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYD
VQQHEwlTYW4gRGllZ28xHTAbBgNVBAoTFE51Y2xldXMgSGVhbHRoLCBMTEMuMRAwDgYDVQQLEwdN
ZWRpY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhkYCYWVW5f9SG0za3K2ysQen
Zk+ag1UYs/ingew+X2VZeN6gTXh++7FLSr1oO8YFNw7LuI17OJ2jjjoJeK+92MzLGwk5n7oQ6+k7
2FGZjJZIN18qJJ3lo8Cc7fkCeXpDWjCcqpjwTXNJRk18ZxC8Q9ffBJoYGDMsPib9SfqOCfhMdCyJ
u8civGkz+2n48gqdpaQABBLNlA4lCkxbrdMcJfGsAUAr6mapfRNy6whKGxF/jBikp6C7U4YoXwKm
aa8SJ8HWTW18OsPcRQtBF1CyhfliRAwTEEhHIWRfHvWeldQEcWREOS3MSe5bqs9sLLklg4cXl6Kw
HkGyBBgLz95aEQIDAQABo4GNMIGKMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgL0MDsGA1UdJQQ0
MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDARBglg
hkgBhvhCAQEEBAMCAPcwHQYDVR0OBBYEFEi+q3xHUyPz5Dh4sUZju/02YE7UMA0GCSqGSIb3DQEB
CwUAA4IBAQASox98B9pSwYuMd8Ald/HWOLYH41mhYZOg+8ERWhTPwj+6Wvmv1VLnoqJW/EF2Qzkh
8o+lNiwklejk8yvjAX9ACL7Ms3tU8cTBOQYH6BD4Yc5/NLCblpoXwouV5fVqACqS6uECo3NDs98g
7Tt558X63rtnJlQW1dFlXpb7K5Vu3H8lr+EF5WyvbnqF12woQJedLaMl3GzCwGBIJAdr0TjD4mbR
jXOR50m5KpXz1edsWD++wU/Quw+DSPwUn/FSw0lHa641EX8ND2oCGCfFqXQk7Lb8NF1n9wgMqya3
L30sFK7XEepholmsYkszm2iEMrhanvXebo99XTP1TfwthAXg</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>PDVkYrXEhVXAenstQuykG0jxFKSuPr0H+sdJAq5ZW29vYx01VwH8Xrhz7dd+AyuCKOIo65VGV31Pv/aMzt0+2I7gmmysyS/5YEXRRgOuuZyT4nwbFlfak6ISHdm2XC9Pf3QdCVaAP7VRptVrAqHnm1q5HLnLxcTzo4EfICA/0zgMrGbRRth9dZBL0MS3q2YnBwWJt0SPKYeEGLUFOPtTjYSQ6eJ4+xDPzb9yNuP7VSaO0dKqkkUpVPrqTfRDh3ppgPjqUacH+HMSEf8Ea626rSA/9FNmaqtVyinypwneZ4gxJpUFrOMLFFoWqreTcGABqJlVESFCre1Mv9b3mtx5Tg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ugF+v+GkgAPosdMZVvRY26oFwYNSaJaULP06fDJL6GNaxcvmEdpp3tKfDw3Z/EnguLKkm/O5mqiD+B+PaIiaOryS4fJO5FeMAu59Fibcn1x/8jH8XiXT5TeAwS56kIyCxKpqVEvNSbAPN+BLnMtNtMBXlvBBMkkwGgcRXyo1S8BqxFpadSJUTgL+egKTtVe7YyQM3O2YDhKz9IKJJVM4Lu15IAvU4kCYy0/mlVJJ8yWKSCM/qLkZOYcfHTGWDf9nHeUC82X1X2UE/tk+/c69FovuXkSvgpuyR8vSalW6GZ32q/TB5JCgcHeuA5oPw/JxQQLT7tXCRNgZAyNF29gvik3hlBeAtEvoAXTZZvR+5YSdA44JqmB2kMiz+ZxBDE4fgLbiAC21us5UawxuWQ57yoSX6fRReZlxriiPHThYNtU5mLCD5+2ifDVDFvbmvs55W2t+Jyos0OLF+japqwFnW7tZpIETNSdgUCUXueuJco5oqIhCQOH5sbeiM26SLFb69GmCP6PDYGNKHk3UNZL0ofdL73fODCJ32DLvjicZa/p5YGm2Vi6elNIFonnKJ5ane6kK0JTQqsYXD7P1mcWpLZULyEsrPoGByW2b6Eg/jXJ5P5m+a9YIKJ44E20YJDGzOYQmjZlBxWu/RBp+KQUR4WU7MTlCrFCh7lt7SGrEx86bjTCIS/AwZA8grfC8QJhrSxjyZoDxct91XmYW6DS20cASF0NPjUzrTfphovZ/BmvV6uyRqaqI4fkZ3HoMvLNKXR4B9kS7WnDcbrlZRdY9MzjsGgZ4FQT0iRpm8ucgPJuZqtC/SrVV+6Qe1LKY1mQ1IVPOvcY+seIqAqUFwi1t4iGT+ltImME3nT3XFIUGrEmYil4yCZfPYE8ysXSfDEK6slS8VIJU2uPPwPX82l8OJbXWnkr/NTdL+VFnobPANY7sTk2yLJzzocOwYUUv2NOjpIGCKRiS8uSfnoLz9KXrsV9DwBKTc9FmOe1wQUHMeogXTxK2nXGkzSvPpbf5igLQB1xPi9ZUW9WLG8U1uBTyMIMDqTfVX2b5yw1neLf4Dhr4biu6m8Xu/h7rOsTi/jn4HVS55dYvp1OL5NJThiT3XbaK3J8lSj3bXHExFVd74B+w+2+tUp6pw1M4K4Afvts5JBkPXGpx759l9yTEY60nl9GFplccJE8EbiNr/cIDG6VTpbFcFjfWbEoscCsIYntmLyDk5FtX8UyE0s/IICqVcAuFqqSxoC6nTQs3KCiaYrs2Qk2NtSeM4QEJTKjv08Xgaawm8Y3a6nCF+gX7pQG/dJHvOFAzZ7tX4ODZ/0FdGyFLuPO5+0B/8JlzhG8j91Qh3JYdEgMcKcYqBTVl2rxkx9hcED9Yta8lCjE0J7cZFIBhOx9YHdv9dI8j+4S8A7g82QznUEEy+LlyUr+mxrqQ2kQkgihRRiEfFxaHlnhIy+22Y4Jk8wGsaRlA9MdPApv6BFTlhroPuYBrZYw4/5MATCMywSXT4ZYJwdcyyH3pFzI1R0FLSs9RdqDAHnzLXHqJ7U0mFaW+AvMn2cLxR8J7B8JEZPVHswpe4BwbSz+Zo0Y8Y2EUOe/ZtHjuJhlel3DVFAwm9AQ6NWcbmMlKRvKIVvLaRrQt3S2zfToiBM7Mvw3Rlhz+3lgG44RbC//LTlKuyu6GiGqgk2iL6BP0vaQFSAlWLnlNMQ8UmX/nbru4/+sPy93LtxWq37RKyxaJQNX27oNoYGBuiIxabaHcck25os0xw9WDZ97SnVp8RNP87or0LoKE+6kTFANiL/ReSGlrl/mhNDZcbcfJcsnO0xD15rBh/3b93g2NaJ2onckqj3A3/eGO7xX7bQK8udDMbs/IDUxy8med4e8myXWqWUSW8a6E09iOqhXaYvT3mQDgMj7+BhCqRWUAfBC59lI2TpdXtDWA7cJl3MXSn0edNau/FD7d3fSVe8PBgfljTRAb71wnceckIFxJUpAftzutXvH2mBWeVsoGFtYKe2RQzQqI/xI9uSp7cBKdGhdaG3cMajJigUMmrg2HeXmBJIjlumwYuXh1IpwufYad7bUvMhjOMkwWPLQu5j6C3k5oK9iEmpUDpDQlbIhQlQLDpVPudVCP46J7KxCA9Bc/+qx3sfGrIZCI/jBHYXBMkOlPh+Tf6TThYtvbG/oyhwMCSpOZqSM4y8T2KAcAR35wNqIzu5444R6OUFW0y4//rRJvh7ZT45YoUR8BHaZmljZguqF8abXDnJsXZTMZuCzpxz0bKJsj5iV0XbA7pAIfhjC53/HnmeHrvESKESyCRs9sRhL2MjG1rnysF9xcjhCOjIP0j6A/fR4UNJwWPgiv5KCCb1id6F+YoXHaWKvDAkZdgN9AuG5tv4jotS45C+zyqUAOySIx2x6uCYrUvMRQ+xk8ogcyDU5TSDor+59nahzoZJzAu5lCX0vK1xSIt3R4wiu99Ip/z941EN72Z+GkdloQqLon1K0ctOFgSojt/HFpd59iKYwYa3itY7Se6Rb28JjfswL3vDwz6HSDTYMgGEVRrDHmIEygPoBB/xG8P5gvfPFSbf/bLKwVVOKvSC9vD9pSdihpuAx2QXMQgBHwv1GKsaYNGO/US2pbad2vWwzoHboo5Nmet4yjut6a7otZbiwavxyG2i++6x8oJQ/SP3a47oLJzsYGfgR1WM5JQDyg1DeE0Sm/d3AmrptUrXCwZxN69sAwNBucXnESAzQA6a1MbHN8mkvHXggGU4fDe7SscF66l1QpY5WFb3Fw5CMSDcE9KXJ61u93470yO86x4qfkP4CQGmLKIKeRH6WTn7ECutuvL05qEh1aTZCdaVFScOD8J2Bt62KTkg8vSSkgje3fjNO5oJV1P2NVpYD2ikG8M5+kJyyvwqMicmzyWB+w35MZKdJa1xMZ9UbU7g1mYmGiuZdayjIzpc9fLrCt47VO7YnpJS+mAKBc69TqiIfDIJEb68HFqNjtqIDcigMeCPYlLOGEUf0AvGP4Q3DJM1vcdDOb95nzpcqH58Ttn3ghMOeAXjgoWFKQnvuaFasPee/J/+/QiJzndeWLgZI9DsUR/BitB1IF+TQAC4N5N2eDRVLvi5wlDiUbmet/L85aS5qKAvyM4CJydFDYbGQp4nnhBu45XI8VmzCCXYKdOlD141COGAxSOFg1sHGofC9TmNLP2U4zVmAeBG0wrsRyt8s8VKfhQk0QExruwjFZQAMjGaMMYwvV/ETGlGhu+x3gxkQm3mXtnxWpDRiETqRI1jU4ehv1/szrtqvdA/OGSRO1Vc7XGVZmKyE4hY6vKVxt0XhEHf9PMo2IdGh0FGvtVKO2t/KSmj1WiZV+0sxd28m+MF8RXqGhh6f3jkGGG6ou9Xt6o9TEdjWYVa0MB+SpGNCRPQbEkef9HEUlXUy6FjAzDToT8fWBtA5Q4vW3viMfwUUsuw4eZiXlJuAfu5AF2bTsAzT+DHYl1p8rusvFBo85YccLpLIBWiLd896noZpfZ/GCYqmO2au+TVaTUVG55KTldBHSJ53ZMO0pVet6h2xrlXm1H1d9fd9xkVR5jRf3f7m/Iic3CIFrMUdezX4yalnU+UEEB0UEzsxjyiBcDh/NTuMcTD+Cv5mzmcTUPiJFYnjiFtYnSdRXjOaApLGcOUs5XhilppWvPP7aBxtecEBzSkkfl5A+rvp8PF243XlKLK7cxv3e9REFC+qOTlHUfijCtuqz5b++cHrnE0mWm/S4Qf+UkZq6RLk99k5a5m3HYpZ7JWrM6C2vngWeW/XJf5BkLSwajGeeNuJmSwnvcoBhC63Epp2WA/ChVrg+Ic+W0ihyVBSEo3bntMw/vkP6xbW0zZwQKmL+xvFHoDBSm8nnzg3tFM8KDnSGKotoS0zlatjTCJ2DDQsldMir+XKcPn2leJdPlGvZBRCkI21bDpbCkyitkC79yiMhgEasW6415JaJ7cU43rpGWuyYGkAbwPwWaA47D5E/EdX1YH65sk79zhdOiX2Jh8JlSIZeMFLqYntOVa92+5A6O18PZyxfWSDvM+/38WDRKXhiiutUIDrlKPOUkC1hR+AP25vvZKtbc6UlNu6ycMyT1y3a2Mfd1/tZS29g7uMlBihhJIuWSds0u73uqorRK/cwc7/fPpBpta2vFMs2+NTIBoi2HEwt+3ljGwcvZUSg4ouXylFcCCbvdIulCn9DjD32Cp+iddJmnyt12vr4N0CzGZCmnGdHVlOb8Ow2/FUgBeJ/9EP3XO20XmfxNOLL/zRbMogt+6fQWYuozQ7Nq0Hsxu+YFSY81+XuoXTLZ8X/e7cNr2SzK7tV0MdVnjOdy5GL3hhRsDYpqkt470xnTZgOpcd2Rh3nShGLjDhkhcsN9LZ94bIpSyA40azXYXot+/GzobEu3NS8tfgYzRZ9UumbdzyGtds7uEOXC8t/3oHnp5JAat+uZZ7Bsn7P8f39bP2dy9IDt+L3Sh+U98j9ix6fbTHSfZIJOjZmIZa676HVF0sPAt7FFMXhB+UCrhuL+9WO/2SPWs5EniRSOXbCV/Tuw3+VSTX9gVqsCQU9c3JFtseq0w5wreMwehHHL7R6ikJ+CIeJjCJV41OaMXczZfGkt1j532zeweWO408GaemZxqTNOb/NGYJm36l+YSts5JAu+xflgqUH2CdV/oH3YUwitbdeaMy6I7N8nLdL71RIWMO21SIqx/ELEO2N7LrabRvU8FtP7sXCBkSFFzut+OOgpIOCddmPcJeb70j5bSBwzw74sPyN6BLzTdWS7EJg1JWci2I4EptPcklS54UX+HZlF564bCVWvu7zHB8CGsts38/oAOY8DZP4oZNy5h65VWAmrz7XuE9RMaKv1bkbFw+wu65C+o2raoYiWan4bqldach5E0zRvl4agbtSFKM1MYPLDKe6Xc28qshy0pCpbRnYfwoAOLHVQn03xqKLazkIHsWTrQf3mj3sgquYAETtq9TJm/kGr8vteZMLLLiPLoSjDvdzNHLDCZKfPymcrxSwB+5AXsa1zB+0ZuBDZgEPzYELUvry74itHPB5K+sfo0b55NIxW58XVNoF/WFsrtuUKx3igrESdOsyJXYNGtmFQMTPSMCL57O1vA89MCAdDZTx9KTuQigq+NLlEW0E87aIG/B5apStxjIK4epB44jH2bsah7yZighAN+lgT31O/5OO9RTFRGOv/OEy7AIeOPZ0HSfro8eTAty5rIExF2cOdn8eY3445Oc7qn3zMCOwh8VZC8vnV7NUOopmzMBamGxohgHtzVOPaluWBTRCWRUlUWDBC5XKLkKBnDihmbK7G/gRDKsd7BncVVIGy7WamI24NyWDfDJ0+cLZ+L7jlME+aZxg1SF1jlyerijQW9IT5SxBOanUzHLkNwVxeZ+h9+2q41kt2xwpzsUAd0GcQU2S3UYrELk0baV3lTdSQdNMPdb+vdU7p7KlaX33qTsgSGZxjC/u/9/pKEbNI44fFirl+x7pMbyfvzhRR05/Rnzb5U9GV5KaYwkpWxdxt+BbYPRCsJKrSM/lfFsLkCCTyttwzVeMBpoBXC9kIkzFZ2as+5AN2GVsLsbmHNrtfgVjHsgJ1YfzO046gY/TgtzReKk3Npl3FogAH2DcCYToZ3SqiyI3aZD830JNMyWkmY96pis/+YWdqJZ+Tftq2zYXONWDdN97q5jnRSuy8UM2jBz3OVUpqsvIqhCVnjRpz+MG4F1KgTFn31s7Ncpc7tkntYubPmmooYueXt8KSVAUj0dZ8/WNZehsiYC/JLW9YW9nwxWhsO3Eor7enUhQQs1UIv5LBPTPZvFbVhTn2P52zWkeNXHaD0P6vbvrAQQEz5fQeX61hyn7zyBTpr1LaN09LUPWMeaOiDI+VkNx0PF6NKVmzA7SFp3nJOLNDOp7PmDBt08TMhzrVGo4GXvb88ovebpOV6hV77eA/ofbBWR3gxxcUCXAGksa/QFII1QuVgVP4XVwrjlsYrIH1IbmIAPLSObWbBIaJkQODui1ZaMr2tfygt/Nl/305cowEBnTTIKZOP+Q8hJqYTSUdXrVZiy6RoqcqyXnMYqBKIPQTqL+HPjXf3aeZkcJl3u0nIZGlOizYGkfU+7wCwpSmV/M5xSul+R26znpFFW5OMCcTj8N+6PBEnvt2nr/RNnMjGAjDZJcB7y8JZm5dHcKj0bT8gAeZCiWToScdP/2oUGtZed7yDAWH3yEVOqgUp8tRuZp+GK9NgCOEQY0hjMe5FrCtXHSOsIQyQHxhf6MZGkNAJ7TLORB5pb+Wt2Sh85Lndqcd3O43cs7mhu8LLlCgw/TX9XvQ9GSDKt3+ITziDPPlRMaxJydmXWC/OUyxzUR3BRYIuGowSz4r6ODScdfF8gfhsBn78WUjKreR5Ht8sohkUIN+kus4yZdn1DTa68qhDxTr63ZzmAciClO06SuwRJf9vJllkTl+CvoFoTFKNpmUdO/F+7ruDwnGuyBT4BKLp05Q8D5yd+13x9C7IyU53bi37nZzQjG6iouzAaIvlasH+jskMFYzax8SFEXCP8m2UsHOSetD9PmK4B5DvPjNolJ+qr0NGagos43tejKmTuWwwaAT0YEbKG6mnDD0pN/8r2B5kJW9C20YIn4mr7Tlcee/XZQcE21UFUvSe42ywpl3LUp/IJ2bqpiYoIxJ63ywnWs8mD+qwNnV70snNZKOS9V6hIWWxUEEkoT1THyB/IuhvVuBTg0QkRKFoRdWTB1/BDUIz0j8O5E84g2Zw9Az2PlpmsVLMrffVi7jhrRuaLtcERlmP9MO2fLhN/31ijwY1T6Kf4N/GCcy9Y/ORUtwIQtK60/oqACMG6V82mRBdNYOc03ScfKSBoiIPWyjTOWJFApKbtnE9/4Md93dkwOaN19GFUj9a79uzjEe6QrZpFFjO25rHRnWCt+IJEYPnQA+P8OLz9dD2NPu3LgDYTSzdLSCGN0jaEdn4ZNCST3EGHN+ZxczK4ZjzzJ44e8d9K57ApYkkHZ2VQ6APSZ1BYYvV4Oq/gEUZe8ESN45P2OiS8KBEIWtRSzQL4TyI0jmLSQb/8piXBliUidT0i+dvlDaAK77/SBnaozNzSF6bktYYa/DvKqdbPR97lELJuPfu8tDWaiq17bAMgsErOmSs/rXCNOyYyZNpXJMeT0aIIId7UUtCE8Vb1Eel9fC1ZlG3u/A7zIEVqaVSaXX36TKSiMoXBhAXFRhsmNWWVRB3S5Ii++uQkWaFgeVBrAiYUivVmaXBpxIMAnisE3OEwVxrfLlbgSKKLcbxoXeHox+SjAhNqblN4uV1rZ9Z2n6a03vLrWCX662kKi+MhcOFUtbCLs8w5dx8DjuZTyTuIGNWYETYjMJybAHudt/dT11HOnSSRmkY188qHsL1aW0AobHcidui7dLmJf5wmHTUi2j9Rkeo4DAujK9lX88aNBPaGyXQqVAyGULZo25JmcjXcTNy620g4nooitDNET9Z9OlWqRQVg1Xa7sH5Sk5XbIELecUSgGwzoBL+NJA0Ie3k9LEMTmidD/qdY7HZtRATcj+pyf+SaNUZl8mNWBMOYK9I3uGE8TeH4INpSYYGyIHCsSonv2MtB0ru81PAjhOV3+basXrxNe+hmSs7HRExl+qqOHTKKB6kuiQxDhfSEy7qzKBCqk9jCtyfUS34s54L6MGBbE2cbUYLzP2I8YWz47QKGZC9yMu0qeLwg80mu1dqfR4K6tV5NnhIWgCiQ6jCVcfEH1/cx+ciz+YKiRlxJsHQhIs1tyjcUD6H0cmVZP8KfTG1DvzeBlvWtCZ91ab+1kwnW1yNdB6EPPbXVGGlsrQqOpIzj+8Soh7c1ruRte2yC52SbJoH8z7/U3OEvfvOaKiK79P0mgFQKvVXBIYqe/NQYGLc1TOdYDvPAmBAiUbcgpzuw1sLb5UgMkBLc2gyO4tHn6/V3qm/jDaLciUb+aVb252Y5D8JfuOciu0r1ILPusKoTdouwTWXXPvD7IvgBtpP4s9QR1J2FhWiF2oeAYv8Co48RcJ3hXPAWGuevdvAvA0YynDW8bfiE3Vt2zqVEF7aHjheJVSGV/Z/BebayVuRWwZxxF/csMniEFPCT9zkIZXhLcqMV9aZm8BCFCWdAaDa+LLMrCO9sTc4cLQNbMY9qU3M4APz+Ntm28+QbbU473fh4ahK8ZKgsWdIrVPWYNdJCUDPyA5O02+JnYpNvGn3rPGV+XVLGa9SqMJOp01shJgWI5F6I1gKkvjZ6zTxGfq4N9Y8UvCQ6wjBetwXUGqEfBSUClVGlXc8D2vehRnJpXQYxQbyKyFIIUsM7vwA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:15:37,010 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:15:37,011 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021537Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_6f4c60a1-e5e8-45e7-969e-a51c4ba85056|https://automation-vv-01.c.ei-cs-dev01-ein.internal/saml/e3J5zmEiag8ymfJdf|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_adfc54a72411d984e10d1b9153fd43be|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|rsanchez@samltest.id|_871739f0687435e3a10d29d24e0fbfd1|
2023-05-29 02:15:45,301 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-05-29 02:15:45,301 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: https://analytics.placer.ai/#!/admin/advanced-reports/void-analysis/reports
2023-05-29 02:15:45,302 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://login.placer.ai/, acsURL=null, relayState=https://analytics.placer.ai/#!/admin/advanced-reports/void-analysis/reports, time=2023-05-29T02:15:45.301Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_eca32d2c-c591-4043-ab96-5d53d20402d3"
    IssueInstant="2023-05-29T02:15:45.301Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://login.placer.ai/</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-05-29 02:15:45,302 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-05-29 02:15:45,303 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://login.placer.ai/' from origin source
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:15:45,304 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:15:45,304 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://login.placer.ai/
2023-05-29 02:15:45,305 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:45,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:15:45,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:15:45,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_eca32d2c-c591-4043-ab96-5d53d20402d3', issue instant '2023-05-29T02:15:45.301Z', entityID 'https://login.placer.ai/'
2023-05-29 02:15:45,305 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://login.placer.ai/' does not require AuthnRequests to be signed
2023-05-29 02:15:45,306 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:15:45,306 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:15:45,306 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:15:45,306 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:15:45,306 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:15:45,306 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:45,306 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:15:45,307 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:15:45,307 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:15:45,307 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:15:45,307 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://login.placer.ai/
2023-05-29 02:15:45,307 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:15:45,307 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:15:45,308 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:15:45,308 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:15:45,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:15:45,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:15:45.309Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:15:45,309 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:15:45,310 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:15:45,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:15:45,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:15:45,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:15:51,403 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:15:51,404 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:15:51,404 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2125787421::identifier=rick, context=org.apache.velocity.VelocityContext@1b96d80b]
2023-05-29 02:15:51,422 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2125787421::identifier=rick, context=org.apache.velocity.VelocityContext@1b96d80b]
2023-05-29 02:15:51,423 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:15:51,423 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:15:51,423 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7e1b7a8d715ae68014566ea863924f579ab8c17913130dffa819ab4c8609079f for principal rick
2023-05-29 02:15:51,424 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7e1b7a8d715ae68014566ea863924f579ab8c17913130dffa819ab4c8609079f
2023-05-29 02:15:51,425 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:15:51,425 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:15:51,426 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:51,430 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:15:51,431 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@47a062ae'
2023-05-29 02:15:51,432 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:51,432 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:15:51,432 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:15:51,432 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:15:51,434 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:51,434 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:15:51,434 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:15:51,434 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:15:51,434 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:15:51,499 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:15:52,825 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021552Z|https://login.placer.ai/|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://login.placer.ai/, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862552825}'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://login.placer.ai/'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://login.placer.ai/]' as '["rick:https://login.placer.ai/"]'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@47a062ae'
2023-05-29 02:15:52,825 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:15:52,826 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:15:52,826 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:15:52,826 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2023-05-29 02:15:52,826 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2023-05-29 02:15:52,827 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:15:52,827 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e1f095d4bddb3171ed69894819dd0b50
2023-05-29 02:15:52,827 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e1f095d4bddb3171ed69894819dd0b50 to Response _5148e3f3b5ee743566295c5c1cbcb4af
2023-05-29 02:15:52,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e1f095d4bddb3171ed69894819dd0b50
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:15:52,828 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2023-05-29 02:15:52,829 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:15:52,829 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress]
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:52,829 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:15:52,829 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 34.132.209.212
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e1f095d4bddb3171ed69894819dd0b50
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e1f095d4bddb3171ed69894819dd0b50 did not already contain Conditions, one was added
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:20:52.826Z, to Assertion _e1f095d4bddb3171ed69894819dd0b50
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e1f095d4bddb3171ed69894819dd0b50 already contained Conditions, nothing was done
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e1f095d4bddb3171ed69894819dd0b50 already contained Conditions, nothing was done
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://login.placer.ai/ as an Audience of the AudienceRestriction
2023-05-29 02:15:52,829 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e1f095d4bddb3171ed69894819dd0b50
2023-05-29 02:15:52,830 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://login.placer.ai/ to existing session 7e1b7a8d715ae68014566ea863924f579ab8c17913130dffa819ab4c8609079f
2023-05-29 02:15:52,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://login.placer.ai/ in session 7e1b7a8d715ae68014566ea863924f579ab8c17913130dffa819ab4c8609079f
2023-05-29 02:15:52,830 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:15:52,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://login.placer.ai/ and key rsanchez@samltest.id
2023-05-29 02:15:52,830 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:15:52,830 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:15:52,831 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:15:52,831 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:15:52,832 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:15:52,832 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:15:52,832 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5148e3f3b5ee743566295c5c1cbcb4af"
2023-05-29 02:15:52,832 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5148e3f3b5ee743566295c5c1cbcb4af and Element was [saml2p:Response: null]
2023-05-29 02:15:52,832 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5148e3f3b5ee743566295c5c1cbcb4af"
2023-05-29 02:15:52,832 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5148e3f3b5ee743566295c5c1cbcb4af and Element was [saml2p:Response: null]
2023-05-29 02:15:52,834 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:15:52,834 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume' with encoded value 'https&#x3a;&#x2f;&#x2f;login.placer.ai&#x2f;2&#x2f;guru&#x2f;saml&#x2f;sso&#x2f;62319c9bbfe9df002bf6ec9d&#x2f;saml_consume'
2023-05-29 02:15:52,834 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:15:52,834 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://analytics.placer.ai/#!/admin/advanced-reports/void-analysis/reports', encoded as 'https&#x3a;&#x2f;&#x2f;analytics.placer.ai&#x2f;&#x23;&#x21;&#x2f;admin&#x2f;advanced-reports&#x2f;void-analysis&#x2f;reports'
2023-05-29 02:15:52,836 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    ID="_5148e3f3b5ee743566295c5c1cbcb4af"
    IssueInstant="2023-05-29T02:15:52.826Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5148e3f3b5ee743566295c5c1cbcb4af">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>PE6PI1xAiJHPprDeOagK1Hz/5wI0tDT12KpskcZsd5c=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>NKLxUhosjB8I/PFHab2QPe0iZfFpBu/4ymIAhtjlhKv1KISd4RrNe8l8OGaS/IaeyhJhMbBSRTbKlAmg8FoH4N8bPFqWyRdy9cPsZKidCpeDzTPIcf+E3RnRQJU8mmEcy16cg/JHTq7YdQW3uYOw3xCHeZfD4fYyAYWyubX1QcD+s69kyacEuEajbJD0nbUaaKsrpLBPZMQvf5fwWRvSQD6q7ZMRu7+hSCYniwE43UKcSdVE4i1Qgtbc04lxaO7tvaJKUXsoYBDb6Lfy9fZDPEPrqMroubHbk38EWXnL+sfhnbGbgaBb79IvQHwxms4eZVuA51s9ibL3p3NXXvht0g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e1f095d4bddb3171ed69894819dd0b50"
        IssueInstant="2023-05-29T02:15:52.826Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://login.placer.ai/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="34.132.209.212"
                    NotOnOrAfter="2023-05-29T02:20:52.829Z" Recipient="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:15:52.826Z" NotOnOrAfter="2023-05-29T02:20:52.826Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://login.placer.ai/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:15:51.423Z" SessionIndex="_ab1798827dd49356d006e4a21577c4bf">
            <saml2:SubjectLocality Address="34.132.209.212"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:15:52,836 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:15:52,836 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021552Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_eca32d2c-c591-4043-ab96-5d53d20402d3|https://login.placer.ai/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5148e3f3b5ee743566295c5c1cbcb4af|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|rsanchez@samltest.id|_e1f095d4bddb3171ed69894819dd0b50|
2023-05-29 02:16:41,233 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:16:41,234 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:108)
2023-05-29 02:16:41,234 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-05-29 02:16:41,234 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:16:41,623 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:16:41,625 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:108)
2023-05-29 02:16:41,625 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-05-29 02:16:41,626 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:16:41,972 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:16:41,972 - ERROR [org.opensaml.profile.action.impl.DecodeMessage:?] - Profile Action DecodeMessage: Unable to decode incoming request
org.opensaml.messaging.decoder.MessageDecodingException: No SAMLRequest or SAMLResponse query path parameter, invalid SAML 2 HTTP Redirect message
	at org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder.doDecode(HTTPRedirectDeflateDecoder.java:108)
2023-05-29 02:16:41,972 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: UnableToDecode
2023-05-29 02:16:41,973 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:17:40,722 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2023-05-29 02:17:40,722 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:17:40,723 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:17:40,723 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f"
    IssueInstant="2023-05-29T02:17:40Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://login.placer.ai/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2023-05-29 02:17:40,735 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://login.placer.ai/' from origin source
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:17:40,735 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:17:40,735 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://login.placer.ai/
2023-05-29 02:17:40,740 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:17:40,740 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:17:40,740 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:17:40,740 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:17:40,740 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:17:40,740 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f', issue instant '2023-05-29T02:17:40.000Z', entityID 'https://login.placer.ai/'
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://login.placer.ai/' does not require AuthnRequests to be signed
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:17:40,741 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:17:40,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:17:40,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:17:40,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:17:40,741 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:17:40,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:17:40,742 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:17:40,742 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:17:40,742 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://login.placer.ai/
2023-05-29 02:17:40,742 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:17:40,742 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:17:40,747 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:17:40,752 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:17:40.752Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:17:40,752 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:17:40,756 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:17:40,757 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:17:40,823 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:17:40,823 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:17:40,823 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:17:48,274 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2023-05-29 02:17:48,274 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2023-05-29 02:17:48,274 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@591263213::identifier=morty, context=org.apache.velocity.VelocityContext@2c57149d]
2023-05-29 02:17:48,285 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@591263213::identifier=morty, context=org.apache.velocity.VelocityContext@2c57149d]
2023-05-29 02:17:48,286 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2023-05-29 02:17:48,286 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:17:48,286 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 38a146131a441838f2a39cb51efa5b880a1890b80d956b3de6dc3e559fc9b466 for principal morty
2023-05-29 02:17:48,287 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 38a146131a441838f2a39cb51efa5b880a1890b80d956b3de6dc3e559fc9b466
2023-05-29 02:17:48,288 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:17:48,289 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:17:48,290 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:17:48,290 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:17:48,290 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@75ac4d75'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://login.placer.ai/'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://login.placer.ai/'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://login.placer.ai/'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:17:48,291 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:17:48,357 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:17:49,647 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:17:49,647 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:17:49,648 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021749Z|https://login.placer.ai/|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://login.placer.ai/'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://login.placer.ai/, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862669648}'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://login.placer.ai/'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://login.placer.ai/]' as '["morty:https://login.placer.ai/"]'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@75ac4d75'
2023-05-29 02:17:49,648 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:17:49,648 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:17:49,649 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:17:49,650 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5b8b8befe88896169db046db035602d2
2023-05-29 02:17:49,650 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5b8b8befe88896169db046db035602d2 to Response _b8ab52c8d9714819dfb935a19a822dc0
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5b8b8befe88896169db046db035602d2
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2023-05-29 02:17:49,650 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:17:49,651 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID msmith@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 34.132.209.212
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5b8b8befe88896169db046db035602d2
2023-05-29 02:17:49,651 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5b8b8befe88896169db046db035602d2 did not already contain Conditions, one was added
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:22:49.648Z, to Assertion _5b8b8befe88896169db046db035602d2
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5b8b8befe88896169db046db035602d2 already contained Conditions, nothing was done
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5b8b8befe88896169db046db035602d2 already contained Conditions, nothing was done
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://login.placer.ai/ as an Audience of the AudienceRestriction
2023-05-29 02:17:49,652 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5b8b8befe88896169db046db035602d2
2023-05-29 02:17:49,652 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://login.placer.ai/ to existing session 38a146131a441838f2a39cb51efa5b880a1890b80d956b3de6dc3e559fc9b466
2023-05-29 02:17:49,652 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://login.placer.ai/ in session 38a146131a441838f2a39cb51efa5b880a1890b80d956b3de6dc3e559fc9b466
2023-05-29 02:17:49,652 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:17:49,653 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://login.placer.ai/ and key msmith@samltest.id
2023-05-29 02:17:49,653 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:17:49,653 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:17:49,653 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:17:49,653 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:17:49,654 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:17:49,654 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:17:49,655 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b8ab52c8d9714819dfb935a19a822dc0"
2023-05-29 02:17:49,655 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b8ab52c8d9714819dfb935a19a822dc0 and Element was [saml2p:Response: null]
2023-05-29 02:17:49,655 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b8ab52c8d9714819dfb935a19a822dc0"
2023-05-29 02:17:49,655 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b8ab52c8d9714819dfb935a19a822dc0 and Element was [saml2p:Response: null]
2023-05-29 02:17:49,656 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:17:49,656 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume' with encoded value 'https&#x3a;&#x2f;&#x2f;login.placer.ai&#x2f;2&#x2f;guru&#x2f;saml&#x2f;sso&#x2f;62319c9bbfe9df002bf6ec9d&#x2f;saml_consume'
2023-05-29 02:17:49,656 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:17:49,658 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    ID="_b8ab52c8d9714819dfb935a19a822dc0"
    InResponseTo="ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f"
    IssueInstant="2023-05-29T02:17:49.648Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b8ab52c8d9714819dfb935a19a822dc0">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>VpI/7RHvs5GUrrf/2iJI1gslNBTcTO1sChABqVzIONY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GCGvLyF8o0RpsqI5FCvZiRFxl411YzI0cxo4U/Le8VHQDLk5l9CVhzAsec587pO757LM0fixubMvTZh4nAK1wKjoF5brcmlRaR3HC+vQ8myT/vEisgZMOGddyjcYG4bLCbMSbJ/oHb3pICiBQcS2bjD+QS8zisomeFI6wA8X14q3N7/1HbIEzqX9P+4YI7QnmlNNlHa7dson6J+zECw7KMklmiRl5CnfdN9jPDAijhVBtiBvSy6ksoLP6UbRXEuYvEUYgDrAQB+lQa/E4GO77Il8qFLD0Hole2XaBPBCjmtC0g9mJD8bihs3sHx8rk4534OnYnsdoimKQApYZcpuNA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5b8b8befe88896169db046db035602d2"
        IssueInstant="2023-05-29T02:17:49.648Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://login.placer.ai/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">msmith@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="34.132.209.212"
                    InResponseTo="ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f"
                    NotOnOrAfter="2023-05-29T02:22:49.651Z" Recipient="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:17:49.648Z" NotOnOrAfter="2023-05-29T02:22:49.648Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://login.placer.ai/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:17:48.286Z" SessionIndex="_2a1aa0985d1e0d7f8e21f4c26e122b33">
            <saml2:SubjectLocality Address="34.132.209.212"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:17:49,658 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:17:49,658 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021749Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ONELOGIN_7a8cfd63a153d163ed53142eb5082f50a9bd548f|https://login.placer.ai/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b8ab52c8d9714819dfb935a19a822dc0|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|msmith@samltest.id|_5b8b8befe88896169db046db035602d2|
2023-05-29 02:18:02,300 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:05beea2dbd656154df92b2d6f8fe3216db508748d2de0d2a8110e01266ad3e44
2023-05-29 02:18:02,300 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:18:02,301 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:18:02,301 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://serviceprovider.opentech.it/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_19f8c5e1a744ad050b77dacc41633616"
    IssueInstant="2023-05-29T02:17:54Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://serviceprovider.opentech.it/shibboleth</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-05-29 02:18:02,325 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://serviceprovider.opentech.it/shibboleth' from origin source
2023-05-29 02:18:02,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:02,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:02,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:02,325 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:02,325 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:18:02,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:18:02,332 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:18:02,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://serviceprovider.opentech.it/shibboleth
2023-05-29 02:18:02,332 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_19f8c5e1a744ad050b77dacc41633616', issue instant '2023-05-29T02:17:54.000Z', entityID 'https://serviceprovider.opentech.it/shibboleth'
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://serviceprovider.opentech.it/shibboleth' does not require AuthnRequests to be signed
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:18:02,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:18:02,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:18:02,336 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:18:02,336 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:18:02,336 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://serviceprovider.opentech.it/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:18:02,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:18:02,336 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:18:02,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:18:02,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:18:02,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:18:02,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://serviceprovider.opentech.it/shibboleth
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-05-29 02:18:02,337 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-05-29 02:18:02,337 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:18:02,348 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:18:02,353 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:18:02.353Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:18:02,354 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:18:02,355 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:18:02,355 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:18:02,355 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:18:02,356 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:18:03,780 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'serviceprovider.opentech.it'
2023-05-29 02:18:03,780 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:18:03,780 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:18:11,102 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://analytics.placer.ai/#!/admin/advanced-reports/void-analysis/reports
2023-05-29 02:18:11,103 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:18:11,104 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:18:11,104 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd"
    IssueInstant="2023-05-29T02:18:10Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://login.placer.ai/</saml:Issuer>
    <samlp:NameIDPolicy
        AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2023-05-29 02:18:11,127 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://login.placer.ai/' from origin source
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:18:11,129 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:18:11,129 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://login.placer.ai/
2023-05-29 02:18:11,130 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:11,131 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:18:11,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:18:11,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:18:11,132 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:18:11,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd', issue instant '2023-05-29T02:18:10.000Z', entityID 'https://login.placer.ai/'
2023-05-29 02:18:11,133 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://login.placer.ai/' does not require AuthnRequests to be signed
2023-05-29 02:18:11,135 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:18:11,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:18:11,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:18:11,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:18:11,136 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:18:11,136 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:11,137 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:18:11,137 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:18:11,138 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:18:11,138 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:18:11,138 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:18:11,139 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:18:11,141 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://login.placer.ai/
2023-05-29 02:18:11,141 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:18:11,141 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:18:11,148 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:18:11,153 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:18:11.153Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:18:11,155 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:18:11,156 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:18:11,156 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:18:11,156 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:18:11,157 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:18:11,157 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:11,157 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:18:11,157 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:18:11,157 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:18:11,158 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:18:11,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:18:11,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:18:11,223 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:18:18,643 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:18:18,643 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:18:18,643 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2043897326::identifier=rick, context=org.apache.velocity.VelocityContext@2034d7af]
2023-05-29 02:18:18,655 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2043897326::identifier=rick, context=org.apache.velocity.VelocityContext@2034d7af]
2023-05-29 02:18:18,656 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:18:18,656 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:18:18,656 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:18:18,656 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:18:18,657 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:18:18,657 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:18:18,657 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:18:18,657 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8cf1d2d70f945f0c74ae207266dd4cd25f25e731398a49341d5f44d6efae34ea for principal rick
2023-05-29 02:18:18,657 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8cf1d2d70f945f0c74ae207266dd4cd25f25e731398a49341d5f44d6efae34ea
2023-05-29 02:18:18,658 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:18:18,658 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:18:18,659 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@678e82bc'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://login.placer.ai/'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:18:18,660 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:18:18,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'login.placer.ai'
2023-05-29 02:18:18,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:18:18,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:18:18,724 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:18:18,725 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:18:18,725 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:18:20,040 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:18:20,040 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:18:20,040 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T021820Z|https://login.placer.ai/|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://login.placer.ai/'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://login.placer.ai/, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862700041}'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://login.placer.ai/'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://login.placer.ai/]' as '["rick:https://login.placer.ai/"]'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@678e82bc'
2023-05-29 02:18:20,041 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:20,041 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:18:20,042 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:18:20,042 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:18:20,042 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0acdeaf05d4d0b817298b9309828599c
2023-05-29 02:18:20,042 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0acdeaf05d4d0b817298b9309828599c to Response _8b183f6572eb4d0080ec6d3274fb2548
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0acdeaf05d4d0b817298b9309828599c
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:18:20,043 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2023-05-29 02:18:20,044 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 34.133.52.28
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0acdeaf05d4d0b817298b9309828599c
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0acdeaf05d4d0b817298b9309828599c did not already contain Conditions, one was added
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:23:20.041Z, to Assertion _0acdeaf05d4d0b817298b9309828599c
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0acdeaf05d4d0b817298b9309828599c already contained Conditions, nothing was done
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0acdeaf05d4d0b817298b9309828599c already contained Conditions, nothing was done
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://login.placer.ai/ as an Audience of the AudienceRestriction
2023-05-29 02:18:20,044 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0acdeaf05d4d0b817298b9309828599c
2023-05-29 02:18:20,045 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://login.placer.ai/ to existing session 8cf1d2d70f945f0c74ae207266dd4cd25f25e731398a49341d5f44d6efae34ea
2023-05-29 02:18:20,045 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://login.placer.ai/ in session 8cf1d2d70f945f0c74ae207266dd4cd25f25e731398a49341d5f44d6efae34ea
2023-05-29 02:18:20,045 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:18:20,045 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://login.placer.ai/ and key rsanchez@samltest.id
2023-05-29 02:18:20,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:18:20,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:18:20,046 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:18:20,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:18:20,048 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:18:20,048 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume
2023-05-29 02:18:20,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8b183f6572eb4d0080ec6d3274fb2548"
2023-05-29 02:18:20,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8b183f6572eb4d0080ec6d3274fb2548 and Element was [saml2p:Response: null]
2023-05-29 02:18:20,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8b183f6572eb4d0080ec6d3274fb2548"
2023-05-29 02:18:20,048 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8b183f6572eb4d0080ec6d3274fb2548 and Element was [saml2p:Response: null]
2023-05-29 02:18:20,050 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:18:20,050 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume' with encoded value 'https&#x3a;&#x2f;&#x2f;login.placer.ai&#x2f;2&#x2f;guru&#x2f;saml&#x2f;sso&#x2f;62319c9bbfe9df002bf6ec9d&#x2f;saml_consume'
2023-05-29 02:18:20,050 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:18:20,051 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://analytics.placer.ai/#!/admin/advanced-reports/void-analysis/reports', encoded as 'https&#x3a;&#x2f;&#x2f;analytics.placer.ai&#x2f;&#x23;&#x21;&#x2f;admin&#x2f;advanced-reports&#x2f;void-analysis&#x2f;reports'
2023-05-29 02:18:20,052 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"
    ID="_8b183f6572eb4d0080ec6d3274fb2548"
    InResponseTo="ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd"
    IssueInstant="2023-05-29T02:18:20.041Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8b183f6572eb4d0080ec6d3274fb2548">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>epY+5pKtShNxrGd2QANuHDyGK4WTDVF17Cyvw8kUBzY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>KpPXLjbvswNhP3y4mADhXeu4y9WX8GucSnKNI4VvKtKc91URFt5PMKpyR1g6ByfwMut2oxGRqh+ryotHHiy4LaaDX0X2d7vRfT5GZ5hE622JOgoIAE7JWvFnneFsf9nD+wDAR2VBO9AzAEhG6tdWktnRtbFTUhM4UcXDaLnmmqjx/VW9Q54dNTgkrTykjY6IWcRufkS54Eapiu3d7LwNc52fSTL/I+D/eCALVdTE92ChtMzOhslNR3mIjlYRvedLJSTqjAvgHsdEx7PHHaN4j0Abhrt4OCnycRGRGV9nQeqjyRaM7wRy+E+cHlL/D8pDu/7r27c9Kdw5QfC4vpobxg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0acdeaf05d4d0b817298b9309828599c"
        IssueInstant="2023-05-29T02:18:20.041Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://login.placer.ai/" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="34.133.52.28"
                    InResponseTo="ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd"
                    NotOnOrAfter="2023-05-29T02:23:20.044Z" Recipient="https://login.placer.ai/2/guru/saml/sso/62319c9bbfe9df002bf6ec9d/saml_consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:18:20.041Z" NotOnOrAfter="2023-05-29T02:23:20.041Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://login.placer.ai/</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:18:18.656Z" SessionIndex="_0a5967dafdfdb44f0a8c3743d0a7feb8">
            <saml2:SubjectLocality Address="34.133.52.28"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:18:20,052 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:18:20,052 - INFO [Shibboleth-Audit.SSO:?] - 20230529T021820Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|ONELOGIN_1a017cd72489ab2f1dbe9c773473974fabc258dd|https://login.placer.ai/|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8b183f6572eb4d0080ec6d3274fb2548|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|rsanchez@samltest.id|_0acdeaf05d4d0b817298b9309828599c|
2023-05-29 02:18:47,252 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-262109-shKTqcRV1NLObxqTJdRq4O1L1k209z1D
2023-05-29 02:18:47,252 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:18:47,252 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:18:47,252 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
    IsPassive="false" IssueInstant="2023-05-29T02:18:46.637Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>nfdZ5Cfrspf6El+YCdw2J1+f8yBvbDXrUq5pfgYWVa8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Q9aHyuqIQlYOZn2ly98px7Gu/MEHj7oc0aonLJtn/MSJ/i5K9tpfviLSx2JertXr/1kosIurNw9AQ2fgR4xaTws1FrSUYo/AQYnJKk/Bho34UTk5UN2FGZBUHkuRbyJT11cGzi7dbE91V4ZK8x08EqxfRiG1Yp+vkmuxffwnqo4ORQf+8yemsdCrtq2rDogd4SRtWg39UoyPLATIqvJECwFaWHX9DctkOaQA4SEGV0mR7hpYCjV5LCPS0Ih+wjzJMoKjBRDKnaqfmT0qkgGFz0ZeeI1FjAR94bjb8rX4VFKNvA7UaC6MKWoZdjVPCBqLFCxOg2MzwNnYWgnjonQ/Ng==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIGxTCCBK2gAwIBAgIQe0B4acKydITAr116IhaDFTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjMwMTMxMjMwMDAwWhcNMjQwMTMxMjI1OTU5WjCBljELMAkGA1UEBhMCRlIxDjAMBgNV
BAcMBVBBUklTMRIwEAYDVQQKDAlUUkFWRUxET08xHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAw
NTkxMDAuBgNVBAMMJ1RSQVZFTERPTyAtIFNBTUwgU0lHTklORyBBTkQgRU5DUllQVElPTjETMBEG
A1UEBRMKQzI2MjU0MTAzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcgp3CNVODF
WVk79Fylw+v7oGKsSWkwvJDZumgvf26XkeTJyrtSlvShNqSEQ8az5vXez6ey8DeMaPpsK4F2DxZO
BiOSKsliDTKU5srLAnkZXE7gYbzqqDeD24zcMyP8lzugY9OsZZYo70bkSuJrgeCqy9TzvYMHOt3p
k3Cj5Vs6FR5+EpGKjxWI1sVT4diU9p3qUmOMEUo5Y99o7AQqT8H3sJKGmdJtZGvmBDht4R/+7UPJ
khR6JTmarC5GBGlZMtQ6regmRTaGR9tZ05wXZrO4TwtPvl+qg2NL0jsRPf8bZJEkcobsQ7xBdj/4
/fnmB3n6doiy60D/GBmfDwgcoRcCAwEAAaOCAiUwggIhMIHkBggrBgEFBQcBAQSB1zCB1DA4Bggr
BgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIwNgYI
KwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAuBggr
BgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAwBggrBgEFBQcwAYYk
aHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMB8GA1UdIwQYMBaAFKzsho9LNxy4
fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUB
AgEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRp
ZmljYXRpb24wZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp
Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU6nK0K31+xwEwlp7R
5QfDyrESC9EwDQYJKoZIhvcNAQELBQADggIBAGYUca64cj73s6dpL9kdCl/l6TXyeaytKKN4Ffb5
qU4XGKh7BGNhXqp7TnUuFu76DvOj4D5Y5sv1Sam6Miu6uyMmCMt+hjg4vuERSj+Xz+asb0mepJD1
cC6t/yrew1/iTDv4qifRea83yiVrGz1vy1UX0svDtj7bOtXWrcIocZOXtgAdzbRNOb1rwaX5znTt
N/cPYYeB7r5j9wQb0QWna/Q5cyih/HJsMhcKagMURG1CSsaBnXihESJLemnzjcnP/Vywfp5Q3c+B
KgkEFkdNtqSskdR9e7YG/PdG6rUCN9Hhu2dnSBSvpg3TyA8t1+WXsY2LAesn7t9X0bt0k5rSZZM1
ZKGsItj+u1YRw+Dh8dEZpRsh9yGOqsCA05rE3/F3QYWjSZU6gbXqBcPXt5iZCrq2flKT41FroMeP
kD7+eS3ipIcjK4Qb7rnNSHqUairFSD5ve4qjqU20Tk/PzqjNK+fltsSRu6ZtOoN+FMkt+A3Yufk7
ekTTuzbsX+bi8mRE88icMeSEiyJRqWxhw0BUsbH5dQCsDqIhgo7/CXsQ3oj8narz0j8Ma0UkOZQz
aLvZMv2YA8Xt/GCWyyyCbwdKLSTTULmCOIrpwkpiiBAcv5md6c//Uo6s6BiMmD0sG6oh2SKnYFH4
QRBrwNTxk6yh/DL9p3W5TzbTmiuc7RAJXiLJ</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2023-05-29 02:18:47,260 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:18:47,260 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:18:47,260 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:18:47,261 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:18:47,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:18:47,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:18:47,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:18:47,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:18:47,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ed2ca7e4881242fbad5ecc889a9d929422cbdfd', issue instant '2023-05-29T02:18:46.637Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:47,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed2ca7e4881242fbad5ecc889a9d929422cbdfd and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed2ca7e4881242fbad5ecc889a9d929422cbdfd and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:18:47,262 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2023-05-29 02:18:47,262 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2023-05-29 02:18:47,263 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:18:47,263 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:47,263 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:18:47,263 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:18:47,263 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed2ca7e4881242fbad5ecc889a9d929422cbdfd and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,263 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ed2ca7e4881242fbad5ecc889a9d929422cbdfd and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:18:47,264 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ed2ca7e4881242fbad5ecc889a9d929422cbdfd"
2023-05-29 02:18:47,264 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:18:47,264 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:301] - Credential failed name check: [subjectName='2.5.4.5=#130a43323632353431303336,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700059,O=TRAVELDOO,L=PARIS,C=FR']
2023-05-29 02:18:47,264 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:18:47,265 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2023-05-29 02:18:47,265 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:19:46,850 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:dee2b73ef60c085d4a9f5f3c5788efba1117a2b5ab8bb4e05c1fea8354d3a28a
2023-05-29 02:19:46,850 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:19:46,851 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:19:46,852 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_ef969ca625568ad568e53719c231785c"
    IssueInstant="2023-05-29T02:19:46Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://lits-apps-test.lib.cuhk.edu.hk/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-05-29 02:19:46,866 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://lits-apps-test.lib.cuhk.edu.hk/sp' from origin source
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:19:46,866 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:19:46,866 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:19:46,867 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:19:46,867 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:19:46,867 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:19:46,867 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:19:46,867 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:19:46,867 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ef969ca625568ad568e53719c231785c', issue instant '2023-05-29T02:19:46.000Z', entityID 'https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://lits-apps-test.lib.cuhk.edu.hk/sp' does not require AuthnRequests to be signed
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:19:46,868 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:19:46,869 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:19:46,869 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:19:46,870 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:19:46,870 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:19:46,870 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:19:46,870 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-05-29 02:19:46,870 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-05-29 02:19:46,870 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:19:46,875 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:19:46,876 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:19:46.876Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:19:46,876 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:19:46,876 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:19:46,876 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:19:46,877 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:19:47,025 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'lits-apps-test.lib.cuhk.edu.hk'
2023-05-29 02:19:47,025 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:19:47,025 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:20:01,658 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:20:01,659 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:20:01,659 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2085663658::identifier=rick, context=org.apache.velocity.VelocityContext@6fb66748]
2023-05-29 02:20:01,673 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2085663658::identifier=rick, context=org.apache.velocity.VelocityContext@6fb66748]
2023-05-29 02:20:01,675 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:20:01,675 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:20:01,675 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7 for principal rick
2023-05-29 02:20:01,676 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:20:01,678 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:20:01,680 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:20:01,680 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:20:01,680 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:20:01,681 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:20:01,682 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:20:01,682 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:20:01,682 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@435d7321'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:20:01,683 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:20:01,684 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:20:01,684 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'lits-apps-test.lib.cuhk.edu.hk'
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:20:01,832 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:20:10,311 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:20:10,311 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:20:10,311 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T022010Z|https://lits-apps-test.lib.cuhk.edu.hk/sp|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://lits-apps-test.lib.cuhk.edu.hk/sp, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716862810319}'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://lits-apps-test.lib.cuhk.edu.hk/sp]' as '["rick:https://lits-apps-test.lib.cuhk.edu.hk/sp"]'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@435d7321'
2023-05-29 02:20:10,319 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:20:10,320 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:20:10,320 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:20:10,321 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:20:10,321 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _832b93f314f9ca931c4396b09fb6fbac
2023-05-29 02:20:10,321 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _832b93f314f9ca931c4396b09fb6fbac to Response _dcce9420a834c03f65159705f9506f6a
2023-05-29 02:20:10,321 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _832b93f314f9ca931c4396b09fb6fbac
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:20:10,322 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2023-05-29 02:20:10,323 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:20:10,323 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAYgbsLke7TB0gHEwm2d83sl3E80kR83IL1lI7sAeWjhPCuMDhJPybRcnOC/M3cExzEF4VtL4J6oUQhnceyb8GAXR+K+lVtr9LT07+IlB9A41qHCrNMSBOTf32wOUApo71UDXC8X3gpQEIaHv with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 137.189.170.164
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ef969ca625568ad568e53719c231785c
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _832b93f314f9ca931c4396b09fb6fbac
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _832b93f314f9ca931c4396b09fb6fbac did not already contain Conditions, one was added
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:25:10.320Z, to Assertion _832b93f314f9ca931c4396b09fb6fbac
2023-05-29 02:20:10,323 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _832b93f314f9ca931c4396b09fb6fbac already contained Conditions, nothing was done
2023-05-29 02:20:10,324 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:20:10,324 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _832b93f314f9ca931c4396b09fb6fbac already contained Conditions, nothing was done
2023-05-29 02:20:10,324 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:20:10,324 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://lits-apps-test.lib.cuhk.edu.hk/sp as an Audience of the AudienceRestriction
2023-05-29 02:20:10,324 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _832b93f314f9ca931c4396b09fb6fbac
2023-05-29 02:20:10,325 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://lits-apps-test.lib.cuhk.edu.hk/sp to existing session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:20:10,325 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:20:10,325 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:20:10,325 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://lits-apps-test.lib.cuhk.edu.hk/sp and key AAdzZWNyZXQxAYgbsLke7TB0gHEwm2d83sl3E80kR83IL1lI7sAeWjhPCuMDhJPybRcnOC/M3cExzEF4VtL4J6oUQhnceyb8GAXR+K+lVtr9LT07+IlB9A41qHCrNMSBOTf32wOUApo71UDXC8X3gpQEIaHv
2023-05-29 02:20:10,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:20:10,326 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:20:10,326 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:20:10,326 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_dcce9420a834c03f65159705f9506f6a"
    InResponseTo="_ef969ca625568ad568e53719c231785c"
    IssueInstant="2023-05-29T02:20:10.320Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_832b93f314f9ca931c4396b09fb6fbac"
        IssueInstant="2023-05-29T02:20:10.320Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAYgbsLke7TB0gHEwm2d83sl3E80kR83IL1lI7sAeWjhPCuMDhJPybRcnOC/M3cExzEF4VtL4J6oUQhnceyb8GAXR+K+lVtr9LT07+IlB9A41qHCrNMSBOTf32wOUApo71UDXC8X3gpQEIaHv</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="137.189.170.164"
                    InResponseTo="_ef969ca625568ad568e53719c231785c"
                    NotOnOrAfter="2023-05-29T02:25:10.323Z" Recipient="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:20:10.320Z" NotOnOrAfter="2023-05-29T02:25:10.320Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://lits-apps-test.lib.cuhk.edu.hk/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:20:01.675Z" SessionIndex="_63088ad32e51df3272382dc1675f4fa8">
            <saml2:SubjectLocality Address="137.189.170.164"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:20:10,328 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:20:10,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:20:10,328 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dcce9420a834c03f65159705f9506f6a"
2023-05-29 02:20:10,328 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dcce9420a834c03f65159705f9506f6a and Element was [saml2p:Response: null]
2023-05-29 02:20:10,328 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dcce9420a834c03f65159705f9506f6a"
2023-05-29 02:20:10,328 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dcce9420a834c03f65159705f9506f6a and Element was [saml2p:Response: null]
2023-05-29 02:20:10,330 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:20:10,330 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;lits-apps-test.lib.cuhk.edu.hk&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2023-05-29 02:20:10,330 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:20:10,330 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:dee2b73ef60c085d4a9f5f3c5788efba1117a2b5ab8bb4e05c1fea8354d3a28a', encoded as 'ss&#x3a;mem&#x3a;dee2b73ef60c085d4a9f5f3c5788efba1117a2b5ab8bb4e05c1fea8354d3a28a'
2023-05-29 02:20:10,332 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    ID="_dcce9420a834c03f65159705f9506f6a"
    InResponseTo="_ef969ca625568ad568e53719c231785c"
    IssueInstant="2023-05-29T02:20:10.320Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_dcce9420a834c03f65159705f9506f6a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>8Yu37sE1cUyqDiO4iNXUBmrpCKSmpMOv7ZXJTNwW15ML4vVdsOgV5KgfO6dZv/mqE8TCaTstLk68rmhVStkvjw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>pDMtsUPVnLjj4p/qj30RZQjVPx0a2mdRjN091+EwAZ++DZL15C6Z226NyyYcvujgyS78fNh+0ZSNYnU3tptAduyiMQVq5V3/+pVPNrHHPCdH9D4bHK6QkXl2M80cLXQsFTWm+pVdt4YFp2tOfVDNDD4uWvgFsmoeiJJumCq5yci6tj4z97unm9mgM7NoIE7wUXhHy9n3yrFJ+O+ZIsEf+NJkGrdNzEHVJqmF/+6JRRS0pNfyhRS5WUpW0wJ/gh2cXnksjzB4fbAoQ5lAbFDdyuCkcWgwAihz7WN+719fw2WYkP7wqxCxxB/ckykJzUuzpK22kzfjLj06h3FPz8zPhA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_44ddb576f29a51380cd1b356a5219221"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_69dfbbb249f08b58bb01a18f17368681"
                    Recipient="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIETDCCArSgAwIBAgIJAJPKWJLCM6V4MA0GCSqGSIb3DQEBCwUAMCkxJzAlBgNVBAMTHmxpdHMt
YXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazAeFw0yMzA1MjUwOTA0MjRaFw0zMzA1MjIwOTA0MjRa
MCkxJzAlBgNVBAMTHmxpdHMtYXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazCCAaIwDQYJKoZIhvcN
AQEBBQADggGPADCCAYoCggGBALwILctcpSyE35RwrLX1ubNB0Wq6aCCn3BWqiD0gKJG6+6ZV1Z2L
Jc+5sYfzdJF3826vY+VebLqdJrVjxCDSCXm8xzchwGFNJ623RigcE1lac8KW9ZJKOYOIpyzRSC2p
F1SEaKmMWiz6c6CpJVBIJn9GO1RFH7VK/0xMlwezlg53L/QZ82VjsDfZ0MWsllSGUfhSCfYy6VjP
ZPcgome+4WcHXPwOeMcVCkcD54MvQY6/WRIe0mhsFsIeInw33c/thi8H7+VPwfHkXg8rdZbDMomw
N2bP12MT/A1z9I1iGL9dp4URal7pGsPLICOsUf21l0ZcVAHeSEX2KX1Me76FVcJP30FKWFWGIcXk
Q4QH80XkrHgg4pEjoqI5uKDJLew8IYSp0uGUvHweZkTvR1QtThiJY4lmL8AOB9OPnkZLQin7D4xw
l5yzmdhJZ/VffmTrUX2rQJ80KMrmU75W9b8T4OTODLAE3FEz0vi/UbwxZrCK/tARd3r21bbkhxlQ
0h9gXwIDAQABo3cwdTBUBgNVHREETTBLgh5saXRzLWFwcHMtdGVzdC5saWIuY3Voay5lZHUuaGuG
KWh0dHBzOi8vbGl0cy1hcHBzLXRlc3QubGliLmN1aGsuZWR1LmhrL3NwMB0GA1UdDgQWBBSKuk2+
Qwpv/IloAUBhJfTMNCtTCjANBgkqhkiG9w0BAQsFAAOCAYEAhHJyIHCppAxJLPlhVtWNKUrqYS7B
BP7xbpT3Lgo6cvST68aOZnYt+4/WDTg0jMckPZHO25KcMXdipEP/OGnFllAwPPns+hvBKBUJtOZN
5ZWFdu9aEbJOqYMKQykki+vUEzVO8ykPwck8u1W6p0CCr+Hk/VI594z3/wNoccQ1Ac9BMyuzWTcS
+5nQV/tslB8Y2u37JLF6aQx4+aRy0XpIBc6OxWhmk+kd17eRYHfCoTShWBDxFniY+DRroxinCuFT
Iyaa7zyFvPUWZyKWlgaLKLl4hw6BxCm61tDtS9XGuG1OUcM176RxJmP1qlv5ndXDOXJ0VUl6dSAX
l4IRXaO8xv+llBZV0KUZvfLXcyHwnLFUMHFMpEXRei+7TLH9qQY8ILfb+wZsXDC6vJOso/nxK3AE
5jZd3hzHRYy10p62UXHKh4oP4cCP3P9Bi9clQC3rCudgt7IiYE9EZYa6nOQ4DxHd2tD5jjpShBgW
tTWEXQJ+/zX4AcqXcm+G8DZfVxk6</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>bsYK/+pTwqRPIvEv+rSLWC5YEm7V92PO0sI2OmwYz2wTWa4+MwNUQ9uLQ9TVx1fgq+1z21Kcyz7+KO7i4JlZrNsJVQstKVjndMMWUr9ecLYhZxyUo/2Jy9kyjR4/mtjGFO691P1pkv5PWvEBeI3yFtdpCnfnVBriyFgnARF8NKXh7CUGoMSX3j+t3c6SEZkU867SFbK+sdxWIrbwYQt2xkI9M99XykpigeV5Ef3NhhnT17RPyFFL1GspPSU+xTEoPvoomMxuUjQnBVWsO3QpKfvFQUQSQ4M5nA6VYg9awRCSIgpVjqaAecZVBYL83vjRmXcsvStwuTqEwZ1x74q8JaaoI2iuzWEbDeLUQztHYSTgAEGJAbFnZRxWqX913UrhO8QAchZXyMSXspokIHKkSKGMDRRp0yKpfUkRY0ABt53blp/7GFYmBO6z2+KENL9TRuRkQwUF8ta+WY6FQrLbW/Dc+Pmyy9SqwL+qorzgS54GwjBd27ms+HhmQjtRo+gz</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>JP4A194xEZOO2EgW1GyjRfk7S/RAaG91Jk0DZNXLjsXNiCrbcgxWjKoUAUfOhqAWUYAeX/ipuCa9uSxPUmZOJnx2/6thOLXaXUuO3kQIxSph5QHfFrKRMDsMVSQmDzsD34I28XoU//VwZ+gJkxg5z8Ju96C8CSBw6dzmrPwCj7rs0+clQiTUdrAlX8QaGMDpG8wN8qhr+5dpGSDA3RnEM6NmxzR7GyEwjC5Rd4/AsTqQ9iyi+t+u88HdQz3LgPxipewz3CsldlTayA/oAm89ZNfVgVXvUyZjxOmIlQfaJ4fXFUYERHz8tbWVvNV6+6nk+uYjke9LiKLxGssxji0cZUa5/Pm+CHqqzM73AHh7NzOWJL0jD2avKRKvu0LrUaU3C/r3g4ifmyi6pAfKXv5ekFXoVYVAnbYj1WxJ4yGMRoaFa4dRPdY41Inv33qeJe72qN0jpFa8wBVH3qD8ueFDvAZZbpNDghudfW2MBxsfP9hF9iU7sewHd5KZzOhIVxYImdv0ubO+uydZwPg0rmD5xv9E93ezIpWBQ2PwPvCVsK5ThUwb6s1KWEZNWQ/+65FzJLoWe6mu0ZkQp9OXeNtgtSUAnqavfuaUuOuZbxmP3M+xgWqQtG4PiWvaOpfhSNJ0EWh0ygO5oTzhe04S909gWR2jbtHkaqcQ9Qb2+28fEaShMR99YOVDgYQCYwQe90WEQlWbso7YUua479pVvIVWEhCVcfmgLMieRXZ2S/G0eSFkq9vgGDCGgh183te8hZyNRqogtlTSZM8fii9a08KnJo7BK8+5bjCKwH7a41EuOO92PUHLlgo7SzDAS7wN8bU8EfAMECFhAf5WtRK3yeJtRreoDEaGnKbF+s4t5PtpfU2iZmTQQHOqrSmU3SqKk8hLkYs4H2atyTiDRfL4iWLNaYveRcs1Pd7tBL2qjqPSa/D1LA8czsTZn7zP0SCsbORykzC0XQVWU3yZXTzhbyXWrXKgX1KcFarRkkoomEjXZfriZ5guwgGD5kEi6GB/KImEBZZsG9UbXG7pXh5SOpAGliTfDMWaHyz36x5l8rUI9lrRaYIghrDtFajrJrN0qCXSuQRNJYFdlbb6pgraeV3W6liZMLIwcqn0DNwRyjqJ6VMbOciX+coPw7dJzRU/A9O/jrS+vF543LFTE/jlwd23c2qm/TJiML+EUvYTepAgOS3bR2epZSuIjEWRwYeX7qP19Kq6qr7Ue0CrYqhEvMnV0G1frpumF80tdhhMeuzD+1JeTjVuVvaawqDQ4xHCl1CwVSgGExKex0HIO9UCMXC72Kom1QseZV+PG62RaJLIXrKz3YF9YNYU1wTV//MZ8s3e0qVmFoyhdFBHVb+ugYhHrLuTQX1e6us+Csjj5wLcrcCimZYVxDnaYQa2F0lFIehKmm9Ork9Vcy/YIG0kL32/nlR9Vb3gN2rMREvl0cKzBMJE4f0HYRAB1Z0vNya0xZ/Er/j2DAB43/ocwll9/zK6p16Cs3YF24F2o2/eQAF4Iewq3CAEWef4TLlN7uk60ThIwy6C4oRW+bmJV/ZfFqOqj7wbD9jUWIzuke8kEuOsE4nE8JxqVjTsqyzUDRydqX/6nHlZWIurNl8dbHJ4nbC4rE7+4OXi57Zb+r5sMqSFAQN+YDTeBwUTlK51me005eCNpG8tuRE2E8pSHAmlPOMpYl6wGj0+9WurNxZf7rMP+3hVW37FglvAMS+z3uZfNDTjRcMFhiL7k8HZCid5aUJJMaqqSbuDtXKcEcWq22j4/K4NNQCxy2ZJ74khqLU2b2420zmbg65nny2YS3BlPbu6co4Xquhjog/EHVvt+CkuqDpam8FbRJIqKWTjMm+yzpi70k805DsyqARKSJpDsAl3C+txTRxkWuHogmiwPs+49u7ZKz42yKwZfuUO7hLP1T17crv1BNmQG4repaNkHkblsT8ZI61vV/fEtAB6qzmIIMPSxDIacdXLYiS6S7suW4K0a1boKqu+7PXOanW6gCSzF8xtwCMeUijYd/1NNucRpS3DJJ3Q7NFWMsD1RpRd7eUjIqSUobzdW1TlL/0EBf4H5OexJSMYqnSuMxFJ8n5+ZqZ928uflE/j6SCT87EGyNOEMi3Zc23s0Q9HMlafl9B/rXlcuk2qcvJ05lFKkAIWwVqwnW2EUsLpHInOJOAjaB2QyOPJAsKazep2VFIrwjIwDusUd1uiy6avYMjN04w86r7MEQqRqBrfkMcATaNGdH5C84J1XQErF+1wEjnYzBwTKKXYmaESQ36TUJyEhio1lS9y8if/yN+U57sjae9PztOaFbHv6UxRgTdbz7B/im89HSR2/IANmDK+4QDqI8nu9ac2JpOv76RfR/NdCMUBolfIgPyb6z/W3n5eDN2LPuINRy5jviBUEH46GUKc4pcdgiXTGRcvqYaynpus1khKEJsOEAS1B+vWt/7Wo5ZiSlWByj0K7mV0qW5TbxO3Mhdt1bphEyNHCOK5v1XQ9xowy/q0MJnz7MYOjbWtXpXq42usWWws+uLnDGlXHtqojAEwM5csgfbjjIt3Pk6/WVZVnZIQ5MzdKeePG7MahUoGuNmYimUs+s7K8KOl90PAZuPB42iIv7UYGAcgkE8qL2Azn5TPtWXbfewukamn0PkliQlcnoEDgdUijSjiATaidG8jumM+P15+X5D3zKoZvI4PuUsmiY4IAu6a0UVMA1GjPJXGQOeUcDN25uas78YCwfcouViPLM+/8DI4d/60UFTt/Fc7m58rn83K624miatjH4IRDf7rxTAXAdFeH+WffYwW66yRLaWgOaEkRmW/DDdAHO0akAvK7mX//YWOoCe+wTbfB/l/EDnn8dUc920lM1yxVqXNpJ6teZ7oFqaP2RG3wsm9W1axxDE2xDDhrp0p1bxPxLI1Q02bQG6UbqVE6djNGMw9FhsJEKl4DwaJJtj2oOSYZqw80WRtTVQymoiA4MzkbXWHp0jA8bS/4F9O3DQtIX5HgtPoGyxp3Ynj5wmTB1OiSDtEkAwRX5VLVOwmoHPvJ0UP645BG1qZoaaMMmQApWeQDEafTMNhvHaDbD/H+w1BIuhbbmZuS0Z/fBhCVHi0m/eLV5SDgnpYJhuFmkXdLxmiG0MiqqDeqwpOipjO4xh7LE2hIfBIvQi9/pPv6gLez/yEeDVEVRGw9FTSlH3JRh8eX/CNSPem4dIv7dOeA242huYVw7Xwh1aRp6pLIVu/pYXK7bRy7443G78JTEPlXmTpyml4GRUFNwuFjGEJfbODHvlEAyv7vs8x7jdC92XeNyvt/Ex0Ea8oJQFjGIhRasxw4URcFchlaM3E7oWH1I9DbL1RPQKFwYMlpAQMbo2E1i/VLzdYKjtUr2BfJZooLbN4p1C2YuMp6UsBqAY494mchFaAMktJsWWBYcCXsaEIn5DDbN3KlNWBd7PRzFnE+DyAHaJdCfALYGzGXT5rxxv/ejA1zwGdnUd5hsmenl7WB5+6sdcKNUQMCFJDdxyofels3BOD/oo4npJBtaZTkKu6i0HsHKvvd8ptG5HFc/hXxnA+LzhWLU/vOevJ4CGLrj55xeGxyCkuUbR+5HTYhnunWUibafGuLnfQbV9x4OQQwF/XZVVEl8KFshfJmCPnZ4tKyWUyHANLGmimDV4XS2CYERYQj6EfzqSILhir2074k6UVAaedM5f2bX8xpd8GJR6yE2ZsQKA6gRUIvAQN6iDAyZAgBjDRJrRiPYiZdLhrhLjNgdNSoYlzEErYSWDRy5sMAHVv57CP/rF6AS5Vp1qKcFpST9x4RLtGY7/0w0PHhurJAlYhkGvnzAeLMC9/hjQ2RtzJ209WTesmPhwDkTYhxo9N+Vzrlg5FvFgOL+BeBuDjO7YOD4ePAVBK5ilElxUi3KTEJAFHIB7WmR0Aq77IaFujUF8ubMtYGhcI2OpNDxoxoLgYpuqhseudPr1MmmnGUA/9LdWarceQtV+rnGzJSIaH4Yd7O4OZSE3fNgDSDvtWTk0MIrjWtv2+n01UzhhDS2fst1kFrp1uFE1isjQo99Q3H3/6dWYtIRvfViG3CBDRaWEBtSFOMATmNkp8z8+KSsdAU2t4PycHla8YWNdqO5OF4wVXS2mCQDkfWi726Mx18U5G+i7dm+AoMWdaGv4ri9Rw0fLhSISHH6Nan9h+obDyhtx4EVEVi53QE7Uo19Rr+Ygd/zc3Am5x4bhuHU2wAfcVY3w78q1vjT0ubSGggOOitbtaK6xaf6dcSzhI7UGN0pX/yqfr08ERgZO2EH+c2WkyxatTUS4tRnJVv0KISp2pg3m1b370VruivKdhx7ay1aaRYMqcDrRxV43TEVMixnFPIAn7fUXaahTiB7XwnA+p4Awxp70IucHKeu9vTY4qdG+/54NEO+B3yxOrrMslsDWx1ojgTNyNG64EAocpk4R38t1OBT+u1vtkXB7nfMq9ObL6Q6o8No2pnwM8XYOyh+OXlqRFlYEGjegOPvs3uvTubCQXbBeTqrFeQ+crXZiwHgGjsCU73F1T9pMuR90W94ux84vvKJRa897gu6dHx3wGATy33nnggrPgGfD0S7wU97KdUg1EJlo06RcQU7DUJhHvQpDkptW4ULGFZzimLF7qHVZKRMDsCKcSjfyeM4ESVjxz7mNyhQulPY/SuD/Y6aSj/KgDjXMNDOoyV7ti1tKMT6S5M43m5zt4HYAZA9bOYrL/iRPg5oEuJzf1gSRW55Hz/tuT74w9h1fye3Z6UFLDKfzotG0GMlHYRXPKXKCpt2HDpR14M1LWgy4VlZHULfxNS+r6kzg8BWTBoZ+ZtUPx/TIYfl8q0q9RoSUORohVh0aJkbPIhvP1MRoizXwFBlF0d3QLI3rQ5Ekx0hZvp8BFmpUXXwv2nRWdDjcTFaNv1S/sRxzfh2+PEmt30mQ66pg3RzIXWvk762aigcibSuGIMvmRiVW85YZxDOJIxAGjQgCTYj2CHN6gnmeb5n7FUN/noRpCNfDf1PQFkqDT1mQRyitvKJX+1DZbUCjkTqbevSSFSwAR2UWRvexy2+wXAYOJHH+h7NZN4cQyq6sxaEkSvTwyjCF/1Tdbn3xZQl78nOB9rN0SU/E0N6Xmr8MTeJXDpzFbymMDvSUgWraxxxjg8Le/SJAWRaTsB948fFozVXqxTFHDLEJjKGm03A9GtL+qvSXAQUeqcf9ecE98jH0CfvZAiz/IAW66</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:20:10,332 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:20:10,332 - INFO [Shibboleth-Audit.SSO:?] - 20230529T022010Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_ef969ca625568ad568e53719c231785c|https://lits-apps-test.lib.cuhk.edu.hk/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_dcce9420a834c03f65159705f9506f6a|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxAYgbsLke7TB0gHEwm2d83sl3E80kR83IL1lI7sAeWjhPCuMDhJPybRcnOC/M3cExzEF4VtL4J6oUQhnceyb8GAXR+K+lVtr9LT07+IlB9A41qHCrNMSBOTf32wOUApo71UDXC8X3gpQEIaHv|_832b93f314f9ca931c4396b09fb6fbac|
2023-05-29 02:28:47,960 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-261372-gO2mzFQZ-HUyMSu0vN4fWZfVN9r45-1W
2023-05-29 02:28:47,960 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:28:47,960 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:28:47,961 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
    IsPassive="false" IssueInstant="2023-05-29T02:28:46.774Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>DerbrDingqFmrBM2d5VUUNbssnkp0Wie2WARE88vuQI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>mKjSJN9PilF5iE6OAwy5Uyddq+FVEeWLKpLGoJEtoR8uTUT8pCxpkXW2a95Fmyw5eSjwCx5PcGe/wU/FuE2ABHRb+XjZw4UZyYevKYA5cWpcn1RGXSTJriEJlN5gV6OGrCnft1oYpKTm19ARCVPr3Tl+hBfn0taH3eRAux+z0PEYCOqofXY4j6e3DjDhFYn083yGdVjAqEhwpwZIT6U4kCywL0jNe60ulQYmIbfIM7ZZ2vOz27dOkKaH0LBFU1ofXWi5VfG6olzrA4W1Wp2ScPD1/AS8GBWHIVelYGbE1FdIUNk6O1u93Wy5BrqmGH19JjdgyQ4oB/HBVEuHXylJ1w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIGxTCCBK2gAwIBAgIQe0B4acKydITAr116IhaDFTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjMwMTMxMjMwMDAwWhcNMjQwMTMxMjI1OTU5WjCBljELMAkGA1UEBhMCRlIxDjAMBgNV
BAcMBVBBUklTMRIwEAYDVQQKDAlUUkFWRUxET08xHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAw
NTkxMDAuBgNVBAMMJ1RSQVZFTERPTyAtIFNBTUwgU0lHTklORyBBTkQgRU5DUllQVElPTjETMBEG
A1UEBRMKQzI2MjU0MTAzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcgp3CNVODF
WVk79Fylw+v7oGKsSWkwvJDZumgvf26XkeTJyrtSlvShNqSEQ8az5vXez6ey8DeMaPpsK4F2DxZO
BiOSKsliDTKU5srLAnkZXE7gYbzqqDeD24zcMyP8lzugY9OsZZYo70bkSuJrgeCqy9TzvYMHOt3p
k3Cj5Vs6FR5+EpGKjxWI1sVT4diU9p3qUmOMEUo5Y99o7AQqT8H3sJKGmdJtZGvmBDht4R/+7UPJ
khR6JTmarC5GBGlZMtQ6regmRTaGR9tZ05wXZrO4TwtPvl+qg2NL0jsRPf8bZJEkcobsQ7xBdj/4
/fnmB3n6doiy60D/GBmfDwgcoRcCAwEAAaOCAiUwggIhMIHkBggrBgEFBQcBAQSB1zCB1DA4Bggr
BgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIwNgYI
KwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAuBggr
BgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAwBggrBgEFBQcwAYYk
aHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMB8GA1UdIwQYMBaAFKzsho9LNxy4
fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUB
AgEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRp
ZmljYXRpb24wZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp
Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU6nK0K31+xwEwlp7R
5QfDyrESC9EwDQYJKoZIhvcNAQELBQADggIBAGYUca64cj73s6dpL9kdCl/l6TXyeaytKKN4Ffb5
qU4XGKh7BGNhXqp7TnUuFu76DvOj4D5Y5sv1Sam6Miu6uyMmCMt+hjg4vuERSj+Xz+asb0mepJD1
cC6t/yrew1/iTDv4qifRea83yiVrGz1vy1UX0svDtj7bOtXWrcIocZOXtgAdzbRNOb1rwaX5znTt
N/cPYYeB7r5j9wQb0QWna/Q5cyih/HJsMhcKagMURG1CSsaBnXihESJLemnzjcnP/Vywfp5Q3c+B
KgkEFkdNtqSskdR9e7YG/PdG6rUCN9Hhu2dnSBSvpg3TyA8t1+WXsY2LAesn7t9X0bt0k5rSZZM1
ZKGsItj+u1YRw+Dh8dEZpRsh9yGOqsCA05rE3/F3QYWjSZU6gbXqBcPXt5iZCrq2flKT41FroMeP
kD7+eS3ipIcjK4Qb7rnNSHqUairFSD5ve4qjqU20Tk/PzqjNK+fltsSRu6ZtOoN+FMkt+A3Yufk7
ekTTuzbsX+bi8mRE88icMeSEiyJRqWxhw0BUsbH5dQCsDqIhgo7/CXsQ3oj8narz0j8Ma0UkOZQz
aLvZMv2YA8Xt/GCWyyyCbwdKLSTTULmCOIrpwkpiiBAcv5md6c//Uo6s6BiMmD0sG6oh2SKnYFH4
QRBrwNTxk6yh/DL9p3W5TzbTmiuc7RAJXiLJ</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2023-05-29 02:28:47,970 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:28:47,970 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:28:47,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:28:47,977 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:28:47,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:28:47,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:28:47,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:28:47,977 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_a9a70807f87f43f99a7ba9f3a5cdfef06710f10', issue instant '2023-05-29T02:28:46.774Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:28:47,978 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:28:47,978 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:28:47,978 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:28:47,978 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:28:47,978 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9a70807f87f43f99a7ba9f3a5cdfef06710f10 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9a70807f87f43f99a7ba9f3a5cdfef06710f10 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2023-05-29 02:28:47,979 - WARN [org.apache.xml.security.signature.XMLSignature:777] - Signature verification failed.
2023-05-29 02:28:47,979 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:28:47,979 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:28:47,979 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:28:47,979 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:28:47,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:28:47,979 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9a70807f87f43f99a7ba9f3a5cdfef06710f10 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a9a70807f87f43f99a7ba9f3a5cdfef06710f10 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_a9a70807f87f43f99a7ba9f3a5cdfef06710f10"
2023-05-29 02:28:47,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:28:47,980 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:301] - Credential failed name check: [subjectName='2.5.4.5=#130a43323632353431303336,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700059,O=TRAVELDOO,L=PARIS,C=FR']
2023-05-29 02:28:47,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:28:47,981 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2023-05-29 02:28:47,984 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:31:58,521 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1YbHVwY3k3eVdSTmJXWFVFU0hQOXh6OHVFRDYzVmM4TEpCZ1k3MVAwTlVJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1INGJSeFNOWEZ1JnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-05-29 02:31:58,521 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:31:58,521 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:31:58,521 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<ns3:AuthnRequest
    AssertionConsumerServiceURL="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="id10d3e7d1312c432b8e75dd8a305e32d6"
    IssueInstant="2023-05-29T02:31:58.186Z" Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ns2="http://www.w3.org/2000/09/xmldsig#"
    xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:ns4="http://www.w3.org/2001/04/xmlenc#">
    <Issuer>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</Issuer>
    <ns3:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</ns3:AuthnRequest>

2023-05-29 02:31:58,528 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' from origin source
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:31:58,528 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:31:58,528 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-05-29 02:31:58,529 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:31:58,529 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:31:58,529 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:31:58,529 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id10d3e7d1312c432b8e75dd8a305e32d6', issue instant '2023-05-29T02:31:58.186Z', entityID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:31:58,529 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942' does not require AuthnRequests to be signed
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:31:58,530 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:31:58,530 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:31:58,530 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:31:58,530 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:31:58,530 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://global-login.sandbox.streem.cloud/samlv2/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:31:58,531 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:31:58,531 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:31:58,531 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942
2023-05-29 02:31:58,531 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2023-05-29 02:31:58,531 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2023-05-29 02:31:58,535 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:31:58,536 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:31:58.536Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:31:58,536 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:31:58,536 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:31:58,536 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:31:58,537 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:31:58,623 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-05-29 02:31:58,623 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:31:58,623 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:32:10,712 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2023-05-29 02:32:10,713 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2023-05-29 02:32:10,713 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@300614200::identifier=morty, context=org.apache.velocity.VelocityContext@2e2f4b86]
2023-05-29 02:32:10,723 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@300614200::identifier=morty, context=org.apache.velocity.VelocityContext@2e2f4b86]
2023-05-29 02:32:10,724 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2023-05-29 02:32:10,724 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:32:10,724 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5df595445faa6b7848202a4235cc97ce01dd5af1fba9c20fe72f4ef61899ee5b for principal morty
2023-05-29 02:32:10,725 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5df595445faa6b7848202a4235cc97ce01dd5af1fba9c20fe72f4ef61899ee5b
2023-05-29 02:32:10,726 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:32:10,727 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:10,728 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:32:10,728 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5814e1e3'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:32:10,729 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'global-login.sandbox.streem.cloud'
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:32:10,817 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:32:11,712 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:32:11,712 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:32:11,713 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T023211Z|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716863531713}'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942]' as '["morty:https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942"]'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5814e1e3'
2023-05-29 02:32:11,713 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:11,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:32:11,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:32:11,715 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:32:11,717 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1c934481d50a675a941c25a595450e9f
2023-05-29 02:32:11,717 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1c934481d50a675a941c25a595450e9f to Response _387991c95a4590ff9e188f4f3b5bc17f
2023-05-29 02:32:11,717 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1c934481d50a675a941c25a595450e9f
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2023-05-29 02:32:11,718 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Checking for source attribute uid
2023-05-29 02:32:11,719 - DEBUG [net.shibboleth.idp.saml.nameid.impl.PersistentSAML2NameIDGenerator:?] - Generating persistent NameID from String-valued attribute uid
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 20.83.144.189
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id10d3e7d1312c432b8e75dd8a305e32d6
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1c934481d50a675a941c25a595450e9f
2023-05-29 02:32:11,719 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1c934481d50a675a941c25a595450e9f did not already contain Conditions, one was added
2023-05-29 02:32:11,720 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:32:11,720 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:37:11.713Z, to Assertion _1c934481d50a675a941c25a595450e9f
2023-05-29 02:32:11,720 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1c934481d50a675a941c25a595450e9f already contained Conditions, nothing was done
2023-05-29 02:32:11,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:32:11,721 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1c934481d50a675a941c25a595450e9f already contained Conditions, nothing was done
2023-05-29 02:32:11,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:32:11,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 as an Audience of the AudienceRestriction
2023-05-29 02:32:11,721 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1c934481d50a675a941c25a595450e9f
2023-05-29 02:32:11,721 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 to existing session 5df595445faa6b7848202a4235cc97ce01dd5af1fba9c20fe72f4ef61899ee5b
2023-05-29 02:32:11,722 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 in session 5df595445faa6b7848202a4235cc97ce01dd5af1fba9c20fe72f4ef61899ee5b
2023-05-29 02:32:11,722 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:32:11,723 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942 and key C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U
2023-05-29 02:32:11,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:32:11,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:32:11,725 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:32:11,725 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2023-05-29 02:32:11,726 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:32:11,727 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://global-login.sandbox.streem.cloud/samlv2/acs
2023-05-29 02:32:11,728 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_387991c95a4590ff9e188f4f3b5bc17f"
2023-05-29 02:32:11,729 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _387991c95a4590ff9e188f4f3b5bc17f and Element was [saml2p:Response: null]
2023-05-29 02:32:11,729 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_387991c95a4590ff9e188f4f3b5bc17f"
2023-05-29 02:32:11,729 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _387991c95a4590ff9e188f4f3b5bc17f and Element was [saml2p:Response: null]
2023-05-29 02:32:11,730 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:32:11,733 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://global-login.sandbox.streem.cloud/samlv2/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;global-login.sandbox.streem.cloud&#x2f;samlv2&#x2f;acs'
2023-05-29 02:32:11,733 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:32:11,733 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1YbHVwY3k3eVdSTmJXWFVFU0hQOXh6OHVFRDYzVmM4TEpCZ1k3MVAwTlVJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1INGJSeFNOWEZ1JnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy
2023-05-29 02:32:11,734 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1YbHVwY3k3eVdSTmJXWFVFU0hQOXh6OHVFRDYzVmM4TEpCZ1k3MVAwTlVJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1INGJSeFNOWEZ1JnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy', encoded as 'Y2xpZW50X2lkPTM1NzdlZTc4LWQ4YzktNGFkOC1iMTFiLWM3ZDRiNzhiYjYxMCZjb2RlX2NoYWxsZW5nZT1YbHVwY3k3eVdSTmJXWFVFU0hQOXh6OHVFRDYzVmM4TEpCZ1k3MVAwTlVJJmNvZGVfY2hhbGxlbmdlX21ldGhvZD1TMjU2JnJlZGlyZWN0X3VyaT1odHRwcyUzQSUyRiUyRnNhbWwtdGVzdC5zd2FnYS5zYW5kYm94LnN0cmVlbS5jbG91ZCUyRnJlZGlyZWN0Lmh0bWwmcmVzcG9uc2VfdHlwZT1jb2RlJnNjb3BlPW9wZW5pZCtlbWFpbCtvZmZsaW5lX2FjY2VzcyZzdGF0ZT1INGJSeFNOWEZ1JnRlbmFudElkPTk2Y2M2MDlmLWZmNmYtODg5OS0yMmE3LWRjNzI1ZDhlNjdmMCZpZGVudGl0eVByb3ZpZGVySWQ9YjRiNDY4MTYtZDNhYy00ZTU1LTkzZmYtNDUzZmYwMTU5OTQy'
2023-05-29 02:32:11,738 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://global-login.sandbox.streem.cloud/samlv2/acs"
    ID="_387991c95a4590ff9e188f4f3b5bc17f"
    InResponseTo="id10d3e7d1312c432b8e75dd8a305e32d6"
    IssueInstant="2023-05-29T02:32:11.713Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_387991c95a4590ff9e188f4f3b5bc17f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>yJBEmEQ4Jm1iXpZQooOi06nUGv4xXj180a1DA6rAJKM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aNktYn35ADSH9OK64yPXmE86b44kPSzxCRyERaY5xgN+I3jJHAitLLRyvP0e4xKGUSPLtS4JMBBz+CmEL/hxX74YLYMK937r/BwBSPVPpk771z9Ld8otCLgWAt4OxCb1pLHhMSPb2+Y+U8rRVaGFRFGmzkLZ3LYScr+cK9uePp2MK7ZFgWwG2Xhb9UI43Bha3mgojapBT1+d197tqW0WNaulJGtP3RrFZBEr3Q9wTXYeqok3nb1L0XRLHs2K85HfJlP6InCwwpslH2NlD7bBzO5jOezwzBBgYVa05e78kvM/KeDSCpepthpDSdYOb4DRlXftC0v6BD34cjncbsbpFw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1c934481d50a675a941c25a595450e9f"
        IssueInstant="2023-05-29T02:32:11.713Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="20.83.144.189"
                    InResponseTo="id10d3e7d1312c432b8e75dd8a305e32d6"
                    NotOnOrAfter="2023-05-29T02:37:11.719Z" Recipient="https://global-login.sandbox.streem.cloud/samlv2/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:32:11.713Z" NotOnOrAfter="2023-05-29T02:37:11.713Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:32:10.724Z" SessionIndex="_00284038adf46d5fadcba899e6aa971d">
            <saml2:SubjectLocality Address="20.83.144.189"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:32:11,740 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:32:11,740 - INFO [Shibboleth-Audit.SSO:?] - 20230529T023211Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|id10d3e7d1312c432b8e75dd8a305e32d6|https://global-login.sandbox.streem.cloud/samlv2/sp/b4b46816-d3ac-4e55-93ff-453ff0159942|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_387991c95a4590ff9e188f4f3b5bc17f|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|C5OYJH47Y243KBWO5RAC2QJZJWFQRW3U|_1c934481d50a675a941c25a595450e9f|
2023-05-29 02:32:44,155 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:32:44,155 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_ao855i9ctjeqjtkbupobpfalvutc447uk9fs" IsPassive="false"
            IssueInstant="2023-05-29T02:32:43.284Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_ao855i9ctjeqjtkbupobpfalvutc447uk9fs">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>spydcDID1Gt4aZeDyT48bZnFMKg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>QNkzP/eFCHmi7QEtJG47p+e2/OIUO4knyEVzpPOkNqXmASV7jTcDVc7CzxuBTW5hJ/QBaFPOMyCQ5My8fBc51wGDsgN7vau30byUxTu3KmxOimsLlafaIWT24/26WYwO1Iw6/bRuipxj3cNHrh3roi+QypGDU0RCm1fxrWzNTQh5LjwcYfrua+qybBwS7Xl26hQz6Ct1IQlkm2mLVIIvcsAylmQoq5K30LqQjkmJU7/r034XTzdavP9vidXzhPBeM6V3YvvN9q5KMg8rHLlp0qJBa6TfuhDAiLyWstzRgpyyTnmkxEVIxBnAXrjtQLGrj135W+O52jji80M80pcKzfnDPvTfHrEpoD5PmMsKgP52xzC61Myp/fHyqFcThquJyW+QJI2ZxnSACigVB2WpSh8gdEhCr3iFKlgW9tXHlBoGFs+HxNj4or4uOW5St1meVkGO9IpNwkoXPmXftzui8rDwHHUx18e5OKn4h8KT03Po3lYdBYfu9x1kteoDFOyFmNAD07uV+A2wOWtnSjVaCSEkp159hj1Je1Ojwz90y8eSQlU0g2oLQXk6bPTR25rJQil66rpk6czEHZNxL1KsdIc8J+5je48E2qZXMxYJLzKcehud/CSCq6svusn6NtfU97JXkYWGNabgUqJXmluVRsMEs6U4VZZnz/2WNZDgai4=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2023-05-29 02:32:44,164 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:32:44,164 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:32:44,164 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2023-05-29 02:32:44,165 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-05-29 02:32:44,165 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-05-29 02:32:44,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:32:44,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-05-29 02:32:44,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-05-29 02:32:44,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:32:44,165 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ao855i9ctjeqjtkbupobpfalvutc447uk9fs', issue instant '2023-05-29T02:32:43.284Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:32:44,166 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:32:44,166 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2023-05-29 02:32:44,166 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2023-05-29 02:32:44,166 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:32:44,166 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ao855i9ctjeqjtkbupobpfalvutc447uk9fs and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ao855i9ctjeqjtkbupobpfalvutc447uk9fs and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
2023-05-29 02:32:44,167 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:32:44,167 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2023-05-29 02:32:44,168 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:32:44,168 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:32:44,168 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:32:44,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:32:44,168 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:32:44,169 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:32:44,169 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:32:44,169 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:32:44,169 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:32:44,169 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:32:44,169 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2023-05-29 02:32:44,169 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:32:44,169 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:32:44,169 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:32:44,169 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:32:44,173 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:32:44,174 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2023-05-29 02:32:44,174 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:32:44.174Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:32:44,174 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:32:44,175 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1779375059::identifier=rick, context=org.apache.velocity.VelocityContext@2916cdf1]
2023-05-29 02:32:44,176 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1779375059::identifier=rick, context=org.apache.velocity.VelocityContext@2916cdf1]
2023-05-29 02:32:44,177 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:32:44,177 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:32:44,177 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:32:44,177 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:32:44,178 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:32:44,178 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:32:44,178 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:32:44,178 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session ae6be087d965daf977c5e5a5829c2412f6b5a0e392cbbcbc83309792db45de68 for principal rick
2023-05-29 02:32:44,178 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session ae6be087d965daf977c5e5a5829c2412f6b5a0e392cbbcbc83309792db45de68
2023-05-29 02:32:44,179 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:32:44,180 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:32:44,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:32:44,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:32:44,185 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:32:44,185 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d366da45a64d64df6cc2eb84f974195c
2023-05-29 02:32:44,185 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d366da45a64d64df6cc2eb84f974195c to Response _15790782fb51b3d70ee1a50433223180
2023-05-29 02:32:44,185 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d366da45a64d64df6cc2eb84f974195c
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:32:44,186 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx7SKv3j2fd0BOtROdc0MNDhccfDaYDcCjtLye30qPYWcEMQ9XV9QQwbgMc2fLm7qJYtYGMMNwI2BizIfVxqCJtsX09p0pfXwTXz0WWyxAOkZepWYmyh9h+qFVaJj7/E+eE0r+u/GX with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _ao855i9ctjeqjtkbupobpfalvutc447uk9fs
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:32:44,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d366da45a64d64df6cc2eb84f974195c
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d366da45a64d64df6cc2eb84f974195c did not already contain Conditions, one was added
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:37:44.182Z, to Assertion _d366da45a64d64df6cc2eb84f974195c
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d366da45a64d64df6cc2eb84f974195c already contained Conditions, nothing was done
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d366da45a64d64df6cc2eb84f974195c already contained Conditions, nothing was done
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2023-05-29 02:32:44,188 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d366da45a64d64df6cc2eb84f974195c
2023-05-29 02:32:44,189 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _d366da45a64d64df6cc2eb84f974195c did not already contain Advice, one was added
2023-05-29 02:32:44,189 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session ae6be087d965daf977c5e5a5829c2412f6b5a0e392cbbcbc83309792db45de68
2023-05-29 02:32:44,189 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session ae6be087d965daf977c5e5a5829c2412f6b5a0e392cbbcbc83309792db45de68
2023-05-29 02:32:44,189 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:32:44,190 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQx7SKv3j2fd0BOtROdc0MNDhccfDaYDcCjtLye30qPYWcEMQ9XV9QQwbgMc2fLm7qJYtYGMMNwI2BizIfVxqCJtsX09p0pfXwTXz0WWyxAOkZepWYmyh9h+qFVaJj7/E+eE0r+u/GX
2023-05-29 02:32:44,190 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:32:44,191 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:32:44,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d366da45a64d64df6cc2eb84f974195c"
2023-05-29 02:32:44,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d366da45a64d64df6cc2eb84f974195c and Element was [saml2:Assertion: null]
2023-05-29 02:32:44,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d366da45a64d64df6cc2eb84f974195c"
2023-05-29 02:32:44,191 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d366da45a64d64df6cc2eb84f974195c and Element was [saml2:Assertion: null]
2023-05-29 02:32:44,194 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_15790782fb51b3d70ee1a50433223180"
    InResponseTo="_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
    IssueInstant="2023-05-29T02:32:44.182Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d366da45a64d64df6cc2eb84f974195c"
        IssueInstant="2023-05-29T02:32:44.182Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d366da45a64d64df6cc2eb84f974195c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>ODEsoD0bvYJRYo0ybGRF8eQ7Gvk8KPWhLU7Lhk/fwtk=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>TqyqZdkrmPO/8NpDA1Jo7OJdOOeSUxqvM2K4lWu4oYo8dPABmRuPvn9ENaiyZCPox+a5B2LojDdyk5RvmOMVaKkeXnh6g06796wM8TSZkFA9MAvBVYHDlYV7n7NAfTgE0ZosVLVY7Fn6WGGMI9nK3+OG11jMINdXsFXmxZL+7Ruk40rmwGb3lucIfdB77Qvf3Jh9iG664txxHsXPIJhdtKkEfDey+Qx9ub3ooJpOPEbxIslfEe5frRTzyW08IIi5e336cqpbYSxUzUp7reVGOj8uZ7h/dG998uCexOscXz9xgT8WSPvZ3WJXwbAarYhe/RDib9v+5msjQa2zUAnPmw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx7SKv3j2fd0BOtROdc0MNDhccfDaYDcCjtLye30qPYWcEMQ9XV9QQwbgMc2fLm7qJYtYGMMNwI2BizIfVxqCJtsX09p0pfXwTXz0WWyxAOkZepWYmyh9h+qFVaJj7/E+eE0r+u/GX</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
                    NotOnOrAfter="2023-05-29T02:37:44.187Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:32:44.182Z" NotOnOrAfter="2023-05-29T02:37:44.182Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">jHZdhGkrvFOzF4nvTFB+8JiaQJwTWn4txXf2h/vTKLk=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:32:44.177Z" SessionIndex="_4ff41d39f4c37d9100294cd2a2f4b665">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:32:44,197 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:32:44,197 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:32:44,197 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_15790782fb51b3d70ee1a50433223180"
2023-05-29 02:32:44,197 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _15790782fb51b3d70ee1a50433223180 and Element was [saml2p:Response: null]
2023-05-29 02:32:44,197 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_15790782fb51b3d70ee1a50433223180"
2023-05-29 02:32:44,197 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _15790782fb51b3d70ee1a50433223180 and Element was [saml2p:Response: null]
2023-05-29 02:32:44,199 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2023-05-29 02:32:44,201 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">jHZdhGkrvFOzF4nvTFB+8JiaQJwTWn4txXf2h/vTKLk=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_15790782fb51b3d70ee1a50433223180"
            InResponseTo="_ao855i9ctjeqjtkbupobpfalvutc447uk9fs"
            IssueInstant="2023-05-29T02:32:44.182Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_15790782fb51b3d70ee1a50433223180">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>c+vDaGqeL7OYb41Cf5vYdmAnaCL9YmsyNpt0qgGjTzk=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>UkjZDgOpPu/aMF87PM8VICWJEB32UXJYgkgR6/pHQVfL0Nx2hxXJUvk84qHFyLTqWkxvQJinyVACxrl1Sbti9TBAXWcj1j87E2dDVE8JhQJpaxDmYGhI35A5nM9DjMl09QlAxGraGV6HjzXodGXMeflatbKmFj1IgKywmqpk+RPI2ebTfOhfCm8CZ/Iz3N2IU0abmODctZgFwCBYeQAOAVF4zDaAVQmDhjq3hL+Wf0JEUQAkNVzJmFbUJqBkMtWXy+XyZz0pcrqt78vAG5Liy4zOrlufbVV3uGZ4VMbLgtvqNeZy1MtlhFhHdX1/NAlWspIn2KJmpVCxW8rLEwZa7Q==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_ccac6c3187bc0ec8b7732e2a5951ce36"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_8b78554bafadf309efcff6aaaa8e2f38"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>IfKmjtsTee6pZlzIGkq4pShbKNsYuO1ZVngzJa1Z2b0UWITmp3Uvxtb7SJ9C2SoU8p+CSqv00sobsw+MTMuKWeOg2KiHZQrhMDGbR/ibOPegTb3cuGv+v7kdK+devK578AToyp6RhdcxzajEVpHmBBamO2SGUv1/yY1njJ8+F+1oQ78B/rI/VM7iGLZkbAd3D9345MgO5KgX1gEQL1F+N4gMs6Yd8n/Iv6xguG6J67hVjNLunZxpXav2ocA5LMapLOg0tp5nk8cAX9GIHzPRExQwE4dJUxbv142TDooTD2dbAItC8uOIIg7q1vUTVINBbRHU2RMTW0Tf8GrdAm3ZfbWLdX4oHroKKAwZk3X2k+CwqavalOrvQH1J/7K3A1GrYi89FCcgk6Ec4grTTecuzTVq2ACzXL99lrw+pPxdFATkkGU+2atZj+BjxOTeUN+wcWakrqrxIvpC5WCWVyg0Yr+NLlX8NHhUMBqMwrStOw2+hXBsmG8NuRS0PakqgFaED/pvUx2nmzvTIHWrZx2liH6AAZv+bN1jxglbnSvh68HNHZr1/75tZ4YJAXKeFmygyag6Jhtr4olKfdXn73eiVZ25I5UJLDd3UKRlBN9Noy8Cs6QKgX9Wa1uMmnDTUd0BfNgh7pe6yvMQVpEkmSXaxSptiOT8ob4w+l8OKAlZZdA=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>3gfPacmBk4gm6bRRdCIFfMcTmlCTBvC22VT2o+0qftXK8O4p4m4IIcJiWIwpR6irBjZghLqkHJlmILeBL17JBOzm0yoeLxoT8P4s/+prnaddbxqaSpOLSr8vnKURbERf5GAp9Wy1ugX4+T4KWlHL8hMXE4jEmOkwx73rt7ogNT8Nand1KiImfD5aKJV+IX7IyjBLE7llf3geUf2fc7K8MmFTDTDvIUAEGVoKSluPEGVfUBBkqvZWrVaVn5gZkIyDgTD2+4ZeYzIvDeJFIBYuMLeofcLh950FOovLaH8Vayh6SROrx5eO1QcGzfV3jzCAOX+YSTNOw8FBxpygTxyS+Ym1XYNdYSYo+/hASlCPQ7CRlpTZcoZv04Mf0re3PVCVL6g0OBGgIvh+WQT+42BEm70/UbgCOn9zUdhq3snfipxhd67paiZm/SRZfJG4MTT8zAUg8GKpuU+JAQTDk2aK3onrijaRPZ++FvUr3xdKK/Ywu4P6mM64WmMjHJQ/8HTdxiMuF7jXDZYZr8Ry2EEY3DxCoGH6mWiBjE57a6u2PCyn7eDTYlJ51i32oyH9QK+UpM3mHfkCY4kHeN14lzdYW32JkNHWviKp0SyAoUJzpjKagbJBC3fFpD96dw8vszlzhf93ohFVrqB4LaYc6Pv79xTz4JD87op52aVu72RHS3ohWdwUK22FR8kqytr9rIIEy28tkm5EaKNZzAXGW0gBdz/687HGEcYRQbb5rBpX1Mg00jFoO8EZK5v3y3jteeblS+OTlF/nmJZ8rH5DsqOOMr+rpQ77eYKlQylJTthbd2Ymi7XWiwo63oaX1Az+n/9tBETfbcsL/Pnd2kWcYSWoO/ZuCv8hEoQ63PFLOHk78LfIMJfHSmIUac6GQHAXfFXbEiygSAJ3nJimBA+K985X4CYaT5YMi6Ed7YLi2FckNu8qkGX4sQz1LO2oXxaNUbZrpJGCNhcURjiNe9ELi9FEgSITC4kn6CUgSR8z1443aJiv8XOBuxhvthsdtX5qbnETvgsU1y8rVM/Dop/1e6Yw7D7T9Rs+gVreesbql2ycRlEkO5F5hxuLlCphiOp0fEMg0TzkZE9uOkRCs5F0EETxyWeR4gCesqECerOrSWlwC0zMEAheA1kwaf47B+FQVAqR8d+PEFtSXM/LUwOuQ1zZKrlUf4W8IsugF0AjUtcwTIzqn9wuU4simC7X+VdHkMCEK9nlIYjKit6Yj99j3vBw57fE9+wWh2uqo/CpJofXphTZsDjr3HV0l+8U8bf/W1guCkqFLDSwrOc30Q1KeO7bULS34eQtXz+Ar0ykrZgx4JsjG39ro5h/iGYELyaErXU/vd5tuyxhXMz48OAZydGowpsE/5OQmoKssbNpyFNEPtofIDGljaDgWszfz041KBzLoTLDKJtp0VZjaXiAkwE9SmWlULj8ceVPVTdH3myHLpTZVTn0GlBwtRSkjcmRpzQWhcebKmQzmQxzdCGZbH95Sm35FSVS7xU6+fLSqa1EDy19MS7ydm1smPi78Z42TAG6C0rwvWWJie0kdeV7m6ej2hcBr/DvF+o5teyhfBBMfeozXd0ShX4IHg9f6U7TbecT32Oe+OmzsSg0K3PnGlsN3PX765nSxDXlcg1B79kDqREYm9ChMsKiwiuhPO20Qhi8RGljawua3JwSKJDm6ACGlZIEWIuLh7mnWCfKN2eqeGvhkCUADxtMUoOiGL9MbzwH0TXAzAmDJV8vsEZFiUU2YVw11dp5CVHKk1pCbq7w0l6wME7f8B1RiJd6sSiMOkLT/2W9b0iTkAptKvukFfMrZCsGsyLXaGZqqcOTY1JVYUrtGFusuCeopaOv0gpMhDw31tqsEFNaMTN+lBrjbBTfJF/FmdBddtoxC+qFplmNvtzwHp2TsNwB9XeBN/lX84ZL5+hEKYke2qOOILXuJDs7mOZ+LpQPgFfYFUWOLuSsv/o14yzO/8HB+Bg6QorRnGg4VDVnpv8MZQrCRs0mYJEwcIXj9X/XvzOHut8JBtWj/02emhPLK4urELtcKLtYjgah4XpVlrGgUr+jwv4slcvQYIzab4dSsbyeOxv6n4OINIZ7BoVHtxw9h0mNxsUVICVr3zWJ5JqC3uDED1evE+dygVI5SRQM8St5ZOVpRLvNmxbkIRYuSm6jNROkmPoscESRXYKbGAAVmjkA880NwAZJJybrXJXX9mB1dw5iqMJaGYvgz+RpJvUQqVma+KATERTN6He6al1zqOw3lGGswe8ljNTlzSNV6lOhcl6AkpXhSEN/2S299BIkszn57LnTOVOmCnb+xhIL2veXvGirCrQmNUsQXGktLpoxqTlNwNAZTwi3OoCqH3+q36eVoKHAeIrr9wA6WIGOB3EyoJLigI+r5q6UzEArX23iU/e8fEQmP1Yvo5bEEGc8xYYEUy0lkQbJpM4bq1CJx8fYuZIdtuUNtnx0ykFD8u2E9Omu6/aUQu5/OaFqphxXuPrLSw1iMguL5G82E8tyUtos0QU9LKBHUbUTnoCwvLOn9SMnvuTxip/90AS7p+hGTdNFgrUZB0WcJPRJTmMBlQKOk3onj4DgF5Kb4gJZOKnJBq3SVyzW/NKQx/Yf6c3GldqFQO+69s9C81OtWwc7a5kyunl/ZUa74ov+xhn730En1w57dM3xZzuqhvKW7Etz351A2qHL0NpZIZT6e7si97w20Y/1XP9t8PM+dioTY0iPri/De+xBF06dLjZUZnGLdJ5z16Veas+MzrcwJyzT61bt9MVOuhTfg7lswnvFTHu2Cor+EkO8exXuxoagXkvChKR8J4Wraii6FbseeMOD3jzWJ00dnfKaWeTzw+k3Qay87zthjYU/U8c8PhpDcvY22it7EzBAUQxWDaQpRT0WwrmUo/lgMchEUgsxNRz8r9QGuGAh8pvHHI+ef6248G20AgbZL78OiM0h/LiiyfG6vbM+WWjcviz3WCm7MQuHjhQ4Lo8TI+3cx2SLdFoHHpi56AMVR7Unr089mZKzW59/Q4F9hmNj9ZGE8HKD9hxujgJfw2R5TBq+gCTEMySUJ03CHeciavxSD0D3Ks9UqBfMBw/NUpzHXqoE7dWNtXh3q+/AsUZZ+BqfrZ6uCvqWIFM7PwmDrjIPhf2sTeEye7uTdnouwXYJ3pWFqma4gap3c9u8Z6FZ8yTX3aYVgc1S4PJn+oe9Jsj7UNs/Z3BxYvzIsngOSPYP54YEuChq8E3qyy/Rq87LI0FL6ndUlFnV38jo1JFPskbIgk3HzCmYeQvF24POTV1BWC74cqaCkWfrsmhTnxAlK4bTrszsae2iTeLCTc0C8FwXJvdRaxDalPUsG27pq4ndnXhVs08N08njfEAI1OyNG+ui0b3fQ9Q2psFWozzd9O6SoRV8cPf7i2JyRcjVA8d7NeyOhfEDCEByLP98cy9R9G/3Do7NZQtvGLKeWF9rXdXSvCTKuqlnREs0S4AMyWdvgIPpodvZd9GLmUNmTu2mKdOmlycFLHcwubhKzaTjD0Drf9lnohLVc/L5Uag3eUpL9LurJoXNL+W4suGN49PCxXyF9iXvk6+UKVwz5rvz9TGIW3oMifNfcMlRZN1gzuy7AbDxE5tvqXnxzTO2vFpZfYgc11VdAFjTQt1/Ka3Q+OCQnQTXtuGrXKA/mJFsROEJ/Mnvh2fIDro33+QhajolNleyUiYavVI9q1TeJOxpDVyuTegFrP1/4GsvAPSp7NO2qqRiJ3ItVzCLFaky2KGG3DWTucT3LdqvynQJFXz3nQwK1f551G02RPdqWq/AGtj9avT6/2r406g9gRH6/jOvvo8FJzN4FbHcN225apl2/+FTKNX8R/mqCk50YfIAhR9aYJX+PBfK6qvzjm8n0c8HmIV32G0TE9ArkU9NUnvzGbVxJap5OSPbx1h6wN2EpdWHasNRsN0xvNid2i7LgLEcUUwB+zxUfrsohK4tbNbdLZXCCC/pyfNrUMluQdNCDMyXImpoCzzMzLHKEIpp/CL5ycmHPixRDNQoC9oiuRNRnEr4xGKZq2Z/v5gmYkaF39IqLnNY+afdfYhcraRLHJln/UZgY0XSDniOUwzcGiXuZPo8MKRvxnsHrrNem8kjkxwzSu6zWaYT1oGXXPF8n8c0dN9rMcLbHEJQt9xTq655srwkgFRs5T9FnGyaXogZuQjvdtupsPL3HNm7CFyre2L7utrFSnagpKl7Ah70McrC/JlO6Z2LrLnRmyFLy3V/Kv7c/UOJYXN+9YmKHdw9cSz8B2isaqsVLi3HxYy2+1sMMSNauCPHYRsPeTYCE6OzItd7JKZCt7nLPmAkbCbb4xw4hm9Y94xPBvKuzovYF86anEJ9YUt/rC+cBykUCOQf9gIlD1SF58VJzrhcjAlNG4AUlaCl2gy9om5XuTTIHgaU9BGRo0R4CKnhLe0KPTLhqzSgONlX62/aIox6l6gBeo2ZSyTedk3+iXA/T/eRuVA0cNi5H9/wDDJOU0zxvJMJeq4BVHQV5bL0TJ6wR5r27zzhE2kgpmonxEcPCLqZz2Lmr8wJ1z3Uq8iq97yDzkcQxkeUzygUsAceBvLWAAcNh3vWq0IOts6BtlXOuO+GtDV6oq+ABrOOH36sIrcOmCwnRSRBWkerBMyoH+XxFpHbR92R9/dsaRRI8zlT+iV0S+ccw98j6Cyi2WzXJuTbXh+vJvMZb2xlZ69/gWz5Ag90q5VQZWzeBmkOGi5gvP70aiKpJhItn0DxhKHEEWBZGGLsMy0Uvwbgxs8nwT7SzJD/gCLYl2mjqvzuduX3FPAH0HSpX10kwSkRDVAWZtqXC8qIZI1Ta204C89Zu018iQCtlo6NP0ds2PtIaMS1nkkbAEJq2JU16o1x9DfF+JcWSmsBOhEGhQv0SgCBjx4ya7eZRM/ZWx+9X5lhmIlaY7cri/og6nFm0mtRCT0O4lY1ddk1C34xcHzaAedzjG7sV6/EUPSzYX0pdZmqGaUlonig6Ue8Ml6IrD3U6Q1FXvNpyi95MEQ6xh8lk6KGHpZeEMbh+yjTqdZcchcUVJHzHwkVz8zkDIhCzv4yA+dFDiRTq996uoIwylIzrVp3cqP5KlD14w0OgL1W+DgRja1PiOT14XQ1HNn3iaPogiHjcSC6kBu5+qnHuPcrwcic55M+51UgAciulPdOT0ZCBgU3k2N/YEYTmR/ILjU5nUNfYjhSYlPrX+tz+kKdh7Y83mD+YmzVmhZvfHqEta1coiclDPAyOfjqXW0whXCx634E9fkwpWHiBc6pyPibQ3QWfRCPlTgsuU3LHmTUOiDX8Ki4SDjEm5yTbGRWHzfejnwXf+vSpewqXt18hbguffRjFHh7BXJDQ6ZxBkjMmvWwFbGKYkUmxmyZto2C5PIQwM8cGvxUNNM2Zx1sF3rH0xl38oYzpH1sJMLeJ6oE1Jx75xRLB3SEeCIaFGUPC15xG2RO4YD5jeSVW9g3By32lnIfltJKSjMhU0pghKDqhlmW6HqAHVjzLnByVDFqpleppsDsNhrneibNvq4AXe6B407+VRSqRBZ4ggbfisbwQCoXTuGTYCr8ewmtepTLaeKVbOXMVMsnezFhgsAnDsTpHYuePFngiAwkPoBLdGea4IGYEnMt5qzJcCS4RXQqeZ+AErhvoZPNST0kSRg6S+aCKy3JPQm34q0WtHhxiyOl1XSwgjPtvt7S1UAOoWx5pFnSLzzohAt2hdDZJV1pt56Tt/QS0Zn0oBKGPNeW2dKWSbqHstO5Q6tYgZnzMwbOTQvg7eeVEz+OuwRIgRQTYL+3a27VRuCVh8NFx7FFAr7W0TMyJ1X0vX0pbACzoJUSdPGx4aZFCf6syNvnNahOglQAED6vQtLEzs07XD+3TkWxdDvxoJtU4WCi85qNLfDzuex9/o4UAabdBurHJ8E9zXLhCgKUJnnuw+ggq5KWtPknmGjOCncdGj738HQ1BtahtzywCQtj71nwBCnchu0631XlPfAVOgGI4P4fxQmtWawraNnPBh+xym/zW1Tn9wvunsUulgXsDT3kV7ZCyQ0pAODvp63ZEC3tw3FrwyLBUajPJ4NaYgB9Kd1Zr9FoFjE/TlCTXkedGFszbIxVo2T9Pi23r383rkTsFcZnEI5zxYQd3hdC+quB8Cf4o9WXbWMDT8T9wLBrhJCUGqKTObAPOjATxK+wOtlCFi1XlINjLhcV6+DHT3/vXqmeelwMFcsE8mseGqoPBVNo8/q1/pO95zb5eGJU+I2xnyWvTU5yFAp8mKvImaFR/Ibbfcv4fEDMoAf6QgHD0Ru6R32ZaiLhg3xE1x1flGcxfFQfSwgmIer4XsFcP1CRf57GWH0ITczAwppjylFb8e+oSKQRVX5znY8HnMcEFpIBL3PofBlbifCt08R9QaAv/VvtONXHCbPfU/YFGz3rybhgzicaGD0VdBKbVN8OD0jzVJeoZGaZjOVqqRbTayBPWCAK62yNrJ+GzYtvkUnR97yCQ8v2iBCJYs9XPOOm0IuZ8nkxYfvDP4DOjFvqyavDqj8r6pGaqt6yAI2GQ0IOllb5RmQ6CCdwltW259syje0yp7Pis2tCAwo3ec3c33r7Ssux3z8MqLJafgJ7BJnQEipIlcev4J5uGSQKX26Ry0XWH0VCNmN0XTr6kivTDarGsIptd5ckPSofFO+zQNEbCE/DvT8JXfHPY4SB50Ocw+XE9mGxNC69B7E8SNf/nU5J1VE06/JbRiqc9GltzdBRKbHBPAyNl8BXgfWaQ1KDYKEwrlgiZxzcBxLSc/tnXlfzwyingkFdrAAvNAz6L1zjwpCcYsmcf5SHPfqWJARqR77ynAK2z+Xm35gY/d/bGDDHwiG2jmK1wLgkridPpx4ASN3LzghgII969Goq3lFnKkc+7POnhWu/kx1HpqvwbtvZggt1dZqwarjpLS/YvR7nnmnPjtuCZz/94yjgvG5Lw+TIT9d9ojk8rnKF0YAfB/T13T31NrjzUkcDQ5bgth0M+ijOI4t5MRW0UsGlC+HOS33CZqwW/Kv3ikaAPmhISFNDNT1aYW9wyTwXmDhInlaNybERMqt2Ww40sO/8Bqtd+s0wPWxLRyqbRqvUyYQ3YfU1UKUgvmbwQ2sa5+aITLgbyOg24OZc5o/lsucQoRF9LeETUDV8BR3Uz/y0Oz8Cs+v3Zi1ryUG7QIVey4ip8vJIx9TtjVGuUgQ9yTow0zwvynwamH5d3fQh9LeLf52sfPhTvgUnxrMsjliQgxjzQNqG4PRZ6bZSunN9OJvLlwEEWzIiJt8vbdsR2Eg9u4+ytPUl+g0ZCqIPfmHxU8TOPsQwS4nnffQIif2t1pdOnVMUjMyayOuwcy5nTC2dUm9OwC+BT2sc+Cn9y8gF+e/3bsxjWrDEWPWCXe8wXLGT/7g4k6uTP+TmH8ELP1u3MQJ5/RU7I00/el2VWEEYLn6pHniwW0EPJ7/8PK608hbp05gByCJKL1FBdR16eMDAqYVn//coKXn7C8xojwUm2JqEjoyWx07pMRgoydhQ5TlGAuLwq+Cd6RsFFxUrBQ6gWpWDTpUVPglcAX2R3gaI7cPUmRqHC+zZqqqSfT1V8Kv4DKOsqphncHubovLTDJVaGtzfm+RebL5YvszqAQwLEPRXRIm9D/lMzudhX17S/jxSI1H5PFZ/3aGzxi6yzE/eBTIvjBQA9TRbWgDOO6dtZ3gbufJf+wMY4UFxUEbBfPaIBlXXQibks2QQPZaxDuGYFSIWt53BZE3y3dlK1FGYotzKbNpOevyni+nUscIPTxkWhi988DMLcFcWMGzY+pMF8a1BaTcU9q0WtCnLdP2NnO2lTCe6B7yZNCqdj51Zlew45/lLKpuSm9drhZUeq1P5xA6vWZJuz4px4tBYDhwFZtBR24+WPjzeDX74Kd0+D1RzNn8Q4j0GXjrj4KnR0ol5ZN7rJVXRhy+vlpSC2bU0fFgLMOomY85HdUwNdZzrMDel2mh8vAHb3fTc7sRLOktHj43Mfc0QSZwNUrSEcnexnNusgnc9QQefMHWpZCsdRvTgrzJkVOGjfT73c0D1SbsLKde4HPvJNe5xax0qfuWVaVPuqtnfPFjq2JFK3Kg+yQJluojC5ADN750GRWJDt00J6bzZpTafXPsXIuwty55fmMb5UfG9sWvaYzKdVSryF/6YoQxlS3Fil5YGKCPkQUOnIzpF7gOJit5L07kqhE2I5vWNnIR02W84xUOY0VOGLLiwKj/c0Ygr6JRY/GQCJBerfsyGPhOBHAu5eirbVflS+GWwOREKZRZU4w0iyXumwxqdIqMOcqC3JOuaqYG6HIpVTx3oZdopkeENclNzGLaPwFnhCsP+fB7DO2qcTWotxzmYk46MSUVyjP2EOQf2q9gjVpf1qSiGq1u8EfiJZWCyZtp1mIQnsRwHzCn4mxNridDG6ji13NmHsnx9ZW8uWBJUCQD2aWKBEQMw4bavufscNg6hJ88uwPrTKAZ7ieC4SrUFO0gxDH2xfG1vhm2tlwIcKSSO9YpvtmO0WkdH58/ubUGKU/YhFr9twmT29ez3MWxK8WURHqKwVbfCN7CeBxwJfnA=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2023-05-29 02:32:44,201 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:32:44,201 - INFO [Shibboleth-Audit.SSO:?] - 20230529T023244Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_ao855i9ctjeqjtkbupobpfalvutc447uk9fs|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_15790782fb51b3d70ee1a50433223180|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx7SKv3j2fd0BOtROdc0MNDhccfDaYDcCjtLye30qPYWcEMQ9XV9QQwbgMc2fLm7qJYtYGMMNwI2BizIfVxqCJtsX09p0pfXwTXz0WWyxAOkZepWYmyh9h+qFVaJj7/E+eE0r+u/GX|_d366da45a64d64df6cc2eb84f974195c|
2023-05-29 02:32:45,412 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-05-29 02:32:45,412 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2023-05-29 02:32:45,413 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2023-05-29T02:32:45.412Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_1f10c75f-0214-44f3-8a08-0a9afffd3a71"
    IssueInstant="2023-05-29T02:32:45.412Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-05-29 02:32:45,413 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:32:45,413 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:32:45,413 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2023-05-29 02:32:45,414 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:45,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:32:45,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:32:45,414 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1f10c75f-0214-44f3-8a08-0a9afffd3a71', issue instant '2023-05-29T02:32:45.412Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:45,414 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:32:45,415 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:32:45,415 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:32:45,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:32:45,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:32:45,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:32:45,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:32:45,416 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:32:45,416 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:32:45,417 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:32:45,417 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:32:45.417Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:32:45,418 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:32:45,606 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:45,606 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:32:45,606 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:32:45,982 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:32:45,982 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2023-05-29 02:32:45,982 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:32:45,982 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@831927411::identifier=rick, context=org.apache.velocity.VelocityContext@312401]
2023-05-29 02:32:45,983 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@831927411::identifier=rick, context=org.apache.velocity.VelocityContext@312401]
2023-05-29 02:32:45,983 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:32:45,983 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:32:45,983 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:32:45,984 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:32:45,984 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:32:45,984 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:32:45,984 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:32:45,984 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8c2c1046b60f31420e62d6e3b97ac6bf65182905c324c6bbdb90822c05d0b73a for principal rick
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:32:45,985 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@539127bd'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-05-29 02:32:45,986 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T023245Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:32:45,986 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-05-29 02:32:45,987 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:32:45,987 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:32:46,175 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:46,176 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:32:46,176 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:32:46,176 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:32:46,176 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:32:46,176 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:32:46,374 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:32:46,374 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:32:46,374 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T023246Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716863566375}'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@539127bd'
2023-05-29 02:32:46,375 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:32:46,375 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:32:46,396 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:32:46,396 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2023-05-29 02:32:46,396 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2023-05-29 02:32:46,398 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:32:46,399 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a90467ca869f5fe6791f6d0497f591ee
2023-05-29 02:32:46,399 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a90467ca869f5fe6791f6d0497f591ee to Response _58f450f1fc5bccb7bf7a4335e8678f07
2023-05-29 02:32:46,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a90467ca869f5fe6791f6d0497f591ee
2023-05-29 02:32:46,400 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:32:46,401 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:32:46,402 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:32:46,402 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxW1WOez+q2yMXNuOxcUo8YTkJgcTvYThCnylRouM/eY/6LJQZ1BlFZXjmn5uBtdnRAro0CibCq5SQAxFkZ+xHWAhxo3wmcE06wZyASsqeRKaN3ypGQ6DxUbZ0WLCBMXq/Nvz3Lab1 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:32:46,402 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a90467ca869f5fe6791f6d0497f591ee
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a90467ca869f5fe6791f6d0497f591ee did not already contain Conditions, one was added
2023-05-29 02:32:46,403 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:37:46.375Z, to Assertion _a90467ca869f5fe6791f6d0497f591ee
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a90467ca869f5fe6791f6d0497f591ee already contained Conditions, nothing was done
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a90467ca869f5fe6791f6d0497f591ee already contained Conditions, nothing was done
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2023-05-29 02:32:46,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a90467ca869f5fe6791f6d0497f591ee
2023-05-29 02:32:46,405 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 8c2c1046b60f31420e62d6e3b97ac6bf65182905c324c6bbdb90822c05d0b73a
2023-05-29 02:32:46,406 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 8c2c1046b60f31420e62d6e3b97ac6bf65182905c324c6bbdb90822c05d0b73a
2023-05-29 02:32:46,406 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:32:46,406 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxW1WOez+q2yMXNuOxcUo8YTkJgcTvYThCnylRouM/eY/6LJQZ1BlFZXjmn5uBtdnRAro0CibCq5SQAxFkZ+xHWAhxo3wmcE06wZyASsqeRKaN3ypGQ6DxUbZ0WLCBMXq/Nvz3Lab1
2023-05-29 02:32:46,407 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:32:46,407 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:32:46,408 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a90467ca869f5fe6791f6d0497f591ee"
2023-05-29 02:32:46,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a90467ca869f5fe6791f6d0497f591ee and Element was [saml2:Assertion: null]
2023-05-29 02:32:46,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a90467ca869f5fe6791f6d0497f591ee"
2023-05-29 02:32:46,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a90467ca869f5fe6791f6d0497f591ee and Element was [saml2:Assertion: null]
2023-05-29 02:32:46,413 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_58f450f1fc5bccb7bf7a4335e8678f07"
    IssueInstant="2023-05-29T02:32:46.375Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a90467ca869f5fe6791f6d0497f591ee"
        IssueInstant="2023-05-29T02:32:46.375Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a90467ca869f5fe6791f6d0497f591ee">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>+PjWsZc665AdbYyQ0gdocdl8qdKS7hzgpa46SUESb74=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hO+JJ5sc5+rISodSL8cJTQdtZeHT1d31GCN2Tt7Xd/forVYP2QtUR6zR30RgQCvjg1CO2VCjwwFg5j1h8gkS4Pg9CN/UXNz4cnt+tO3FjTzrhnmQn6/rHpojpTuIVxl6u+bhuuCKd8G8uT5HgxACmodBOmn6uf7X96bHVPWbU9cUnq3JP4vsXA33bbHYU2VYgwzv6YdEI1VwKOgxNTy8E3j3MvRiqiMKqVGUJv0p09pBeCLTDL5jTRN7n2o073guYggck3CR9aq/GLMum8M33RIITfFKlFL17To2AsbqhoO6FHpDE9Og3ioRE/XjbwCqfcH/BIgSswhTeFen+xE/UQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxW1WOez+q2yMXNuOxcUo8YTkJgcTvYThCnylRouM/eY/6LJQZ1BlFZXjmn5uBtdnRAro0CibCq5SQAxFkZ+xHWAhxo3wmcE06wZyASsqeRKaN3ypGQ6DxUbZ0WLCBMXq/Nvz3Lab1</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2023-05-29T02:37:46.403Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:32:46.375Z" NotOnOrAfter="2023-05-29T02:37:46.375Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:32:45.983Z" SessionIndex="_6caecb9655c50922785eae964f19b5c8">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:32:46,417 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:32:46,418 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:32:46,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_58f450f1fc5bccb7bf7a4335e8678f07"
2023-05-29 02:32:46,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _58f450f1fc5bccb7bf7a4335e8678f07 and Element was [saml2p:Response: null]
2023-05-29 02:32:46,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_58f450f1fc5bccb7bf7a4335e8678f07"
2023-05-29 02:32:46,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _58f450f1fc5bccb7bf7a4335e8678f07 and Element was [saml2p:Response: null]
2023-05-29 02:32:46,421 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:32:46,423 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2023-05-29 02:32:46,423 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:32:46,428 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_58f450f1fc5bccb7bf7a4335e8678f07"
    IssueInstant="2023-05-29T02:32:46.375Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_58f450f1fc5bccb7bf7a4335e8678f07">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1pMZOKgJ87gnj0y29kquBx8lGn7x5oQEAai3SK7N5ck=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ajWQNQ36T4Z3LHKvDgWeuleVE9ibQUyEsjEndp4WJH2oF2P7QnMjHOlA/eF35as0CWVd4LHOkt5xxN2VM9liJcZo0tfuD2ozxiru1MMh6bXrbwP/xkz/8GD3Z7H9CHYpTVuhcVehCqXqB5lAplf5NzdUbABThs7lIpwsrDSsdb1wgaTfaRJfxWGWU6AA3L46KjcwnT9LW7LGh05kHsB7AYYWf6vb0bPkxQr951mfP5vgAE1E2Tdq9FW+1MESQ+AfwRcC5bmxHH3Wzx+vOdOa18UXejsUpxgtHlfMgYJc+jO+Fi1P4CaCLHWlpnNjO02ijbK6+U4Zw5cL2+OTquIy8w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_4341298f1d21dd93d7d5ad09c1ffdd87"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_acea9660c0f8db032b382a26375f6e70"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>vBS/Ag8M4k0ADRwgfW4EUM1FNJ1eik5ftoBhhkKOLJgI07DxWWnLYlmi/bkd5qYq8Kfdh+8ZRxTx4WHaqpnOHfu5/cWQqA/udxlnBusbytZcLzypY2+yalH4r5mYwZdvOrY1p4bC8Lfz95ZwxkqsJ+xcQbf/Wa3XQWoZW6c0fiCG9E5YRxewf6eAvQugWrRqAXbwqQ87nEvHlUZIQG7QpkXoZsdiK4TUK9Q83K4m5R0TrSXD9C8AOIkrvH7QwzwOeZHTUvjoehWQ/Mp+6cq4Q/ElIldxAQBFN+G0LNU0bXRbGbLfR/cmQXcfg2q/VWQRCaVdmTbXYXPozFNqwbl2kJLdqcKDajILtitRc/dgh2u6JELOXVXsZlBBk8Ijx8g6/khGjuqLO0L7oz79wNP4mR9dYDIzI0rvZGCvZLt97jHatZOSpQXm/lRCaF7LHLAqiM58gchjCZjQ6KJA+K3G96g5B8FxBcZdwo8ljD5//dMaTjg/g+T5B9aJQCgh7aKZ75w0p6aTgUgfP+YfT6yCD9gZvSKUMKQaD0F8r422IcwzYCVZSsp6ooS4j/xBZ5yhxTR2XrAFM3vWmZZ7tIbxhBcMqgGwk1vYWIJKsCF8AGjwxX82UfxZTge01JiybYn8HBNG7mJUzs4JJctfudjtOaOcNqkB0Vx/efb4AEi16uk=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>4WmMdyjVcILxwbyjVsGEztFMu0K8j58Nu48syl56SqrYSgLirV2pIUeVUAN9iix4d8PA7dcxF074laJSkRkVO8MvXAM96PJaHBPhoUp2vVnUJEB66VO6mV8m6SUep9gJxuj4Va8k0D51v+p27tr6N4pInugCkCaebTvrAHfuRTff6NGqVT92+EKHWBb+NH9QYGa0khghbKv55VIb6rxtsOBD4gYKWKCE78Ris4H3vzgs7VySr3269RsH1xRCx7+Rcy9F9QlYLf6U8OV4VflrNtWUhD/DsroR6zxFnWLJNL18k60ut3qtWnsl1cmkHTaktpIfNFYrNmz8sJFidBJz+DkbWR5vI9Mx9lgDVydiUX1uw8g8XTZ+RyQLLs+I3AEqCgwu7fYn65oBAPrXgiT5LetxZ1+brZHn4cy9Ylr7agj/ZdkVk0NvLrmIwTgyqEWYWxRvFlRWhnLvVx9EHCxo701FjQQ6nCRg7pSUPZTywKxOeRZjd1Lk0+GMfVxpwRf+rupET36Q8Mnm7jekkKsrVNeBmFXu0An+EAhv3I7nFkZae2xTuJ7I+Ol16HGkXFjIEs93mNN4R4TQH4iEHg7ctQYl8msKonSF/RxU38ZgwEo2qSCe5z5gScSO9H0srAg2KMO8J+A6Wbrm79UwVBvleg34M9n9CosOF8jWyIroWj8BNyIOyz0psfTF7IO8AYYMzbEkL/5MW9ECSR+lP9Ds+nQlgLZlQJvwYsY/PfGYWzln2S6z8KJM/qmvuKpM14U7D6IqJYcKVHJVFc5fbEDvyktTxoux/7H9/snsRkcQBEI3STvXJUIUhTjcTKDxSiYt2EIEcBSf4gsYCGLozydAe11Eqb54uWnXFif244O0WfH05s4SZJMRdQ2hsXpFyzL9jgEEif/NZxT/xksjG17bf332fIohTLhfMivPbjdP3SAHrSJSbyhijx0Q4ARHdtH7n7TqB5Y9wDyqO1JPD6cl+48vwbi7Y8doH7XyRi84/sE/8XLcOJ4cSyvoPuGdcbfVmFxSP9Uk26wRT7NzIxzAd0EMoWC61/jSqoxK0vvbpZYduyF/wK3B33+wzSn2+0kZhTdbgbS9xphuti8wrKmmqFGolbVdv39hL6GYQpzDg9uCoksX2YE0H0PqDNyylVjHlsNRVyqMH1SRDJnBV2g3Ojl8fN8Jg2T4rMNV4EMVm1dSgEg3p3l1gG2cWUnEodUeg0prO+dvr5B6h6mwx/EbFMd2J5Mcr4Rzs7OCfwKrrG0kvI/2qMNZzsWePZK2bywiugbyuisUOcbgHDNE36hTzOfywzKWq6olpmaJuSkYzYh7jicINZEoIRvYy/oRS2A9jIGctQA1BJc2DBvsFAWJelt/skg4g1k1I8CiQY7SPN7i8NSCcWnanSCsqYc7TdEaV427fs9k7MgI0QOgCnWP37UAhocRO8klTLB+FFB3CWiUf3pnHRdR2WGFIPRKrKV2Tbr2oZWVuvJ4zxsmCyeF2cTjkSZ0nWMsdeHNVv+vgzs6rN7crmvtluzLWnbzfQOuyfGnivmpXLUsYVlJrA/j1yDyAaV2XkVxJ8S/gq+jS/zdwQDGYhlSkdR0JLQ7PATDSFwSEAGNFGo+7Q3NJpJiCBGYcCRnYYmJqr9huMgoa2S9jr0cgHHqAKv1uS8iU90B3ujr1tryF6OR+1uffBb1IwhazTP5nkCQDQVInZU86mlKOzGs9il6WunXqsgu/IFK/PdqUIiyfm9b8mVY8lpKouZPrUvocniNEjS64CZYeHjWCyQabl4ey9vn2ipgKo9WPPiU9p4gxZNhE+LiiF6p2dxH5CoyFTg7WAcqNT/tpi8NanBuahLVp3B9rMvKuJ+nxeezgPJcSJZpp+PtZ90YFu0y0/2Q/a3PRH2tR3QEBDMiHYyjzC9zA3JTAWc9LmWW7IMhxF0+t7BWnWhwa4FOR1Dwj+N3jZXEiweK9PwEGbCgWoQhy5Fas1fMMQk7dSeA385q6POB/fgX3/3KOa0Wad5XLD5a6uckCcbWc8UK4QGj5Qg/H/TXSimLfZgw0ewv8xz0hsXNSVVW2N61Skc7BJvYSKqQ5d9t8uGg87xka1ruwk5DmEOjPiQXQ+AjBXUCvTRM7rkxa16Ud/R5B23UHdfmaZx91355J7Y/mo8SiMn7Vj2ROnH9rGqoPRu5ufet0kvGYVO1wShHwCWLsckAzOLLTBSWYL/BiTmQ5smUVWgh2s9oGudjQD9DtDDXMe+6S9SLV2fX3GX3BVb/iQUeTtEelawI3FNc9HDq6fbgmqdvolxU2c01T96CagfoxBgR2VyQGk/uj6I3bMZHTUar4RKKOTNkpCB7iX5biFs+g5NtSQIeFeELpOXQEKBo+dpm34JR0vdC/RKOdxN0ehoh3bjr1uDtGQNbYORDbYZ5EQTHeCCdlbZ/RxsrjlIVUmhmw6xQJXEI8ZCbtGKlqyeXeDTISREvyfCSJXbN9xvAF8iA4NLHOpE9GwhF6F2NMX4pdMUbGApJMCUkhLvsqRocU6fGrQw/AGz3aZtWJNaaJGVdBFjjBkTvHohEP0d2kYrRzuPeLPaauvHrF2gakKYj6VqUJ+0YyUMiEHcO2g3Uv90MbKA634VLrJjnz19OuWlmOuCtfncropSu5LCbilBpCRCJX5HXm6Fng8uR4sXHKuzUbHw7Pty6QFbcKzzaswtVhX/QWtnOs5FopAbuOqsTslPnBN/bIOS9tzzEHfup/oNKXe0Q5q4pTVGoD4V2XHjyRsFlZJqZ2yFCCPa4FUfeRe97j9WQVljWzUMpvNNszovzWs1Bc3C06fezgL1JxOUo7nljI7P2rh1F68E6t2SrBNKfXy0G1ZmrltyNPpXk4fd6YBYebLkJpRocEXMLOzI4tZHNGN+fNJdpzXS1BMwlFng6udu8e08K6JsdDUOr6OehqI1pui+pInFZjGijM1gwK7BPyFwBW42eJxNBp7w7quVIp0Y5LduOx7cNtrch+jgIeTldyWwGtN2VN4wpGX183wvlOJCivJ225oTdiJnEjHku1p6qDC2HBJTI5x98bPVyrFUVbMJwrhWOEFijLgoaD6ZfJYjT6uginJzDuRKLgp8CPeLCxsTaWvo/lFLqlZlf+82KdB13QsrZu0/du4MPUapqhai7ldrYi8y5HNSQ+l6zg+vfNLzQ0y6FauzYHXhyE2RiJbK2/B16UlEIkyJl5Y/ed8Gx0R7MvkqaK/9M5vTJMEkP2VfbPFKOdkAMSlwaFJnqkxbkj1/fpeWD1Af8XWfZRe6xZx4IR4XIQF6l3brgsLo3oNmQ1rq600QbPQeB3RQRgAgb9hYjUfUyBpJkY1PUhwAdKAe/WQ6GEwBIN2I+1eL2rpJcYPZ06149TWs5lwjthnDmSfbsDe+/fyJo8fQruGiyUPS6b7KKpsF2gQ+MX4RvwnBfO/hY6VYQjiankcVGtNpzeRLSqBxdvQ6OdPid7wQ3N/6lNQFkOmO1bmK3m3GT6CoHFEOHuaTEAXktKMESlB7i+OJU8IgBe/r96vUtFBCJBF7wIEeTEzVrMIiaSGvAiuDh/DQwRepyrisMg4un81yZkrQ/6QGnmdPbJRc5aNHrxznCJBsWCErPpqe/Ej/ibjxrVECz7AAiHippUXF986V8HGqTgVOL/rfBS3LHNQNjdJZB9bRDN4bf726jiABgfajDnSCZIN01t0nX7GGF/5rDRDWN54yIgwSqPFiChxVQNIFHK7VF0QKM9ZWIdjhesiai2e6C8AzQfs6l7F6LJyTkat26VBKkFdW7UpIcn7brVMOUXqXVKObx+stc8ZhlXQwLOvvezqxNCroLZFCHFKf7NnVTb1bpJo/Ng6hvQDb7zzqLUzHxp089TqK/PF+/vQo/WaS5xh4T03rQI6cjHNAwpWtPhtnH5OQ833lTaDoE2eR/7ZDLlCowrbEjWz4o5P9ZB6L7ft+QkEwsTUIUJy/yQX1kqezrkdm+nuEDYPkoFjVHDaoGQhabxjKq5F8v33zGRmZXVjGaHeqXpOsCwP9KcnJkub1NhqZLeYuLQk0Bj/MTeqlMXyaM156pDPLGRnBgenp8bRvRD+yItwhT1BxWsUThOq1v2LJMJHjVRA0b7WllZ12ZHh12KxnxCvuL7XgIhdMmKdOyDuCd49qh57t5ntT4a7wDp9t1IHIlu9R8+54q5O0sZbEeFmMaFxhO80WGyZz9b0xuxvTgX1Pjku9vNoYYlDPwJJAXaAaCorw6R1cXRKJloUQmOIa61dtbSt27usVkoqrGClDst+F2YlhuM1o2hjzzJHA4SJH0v7yOxjS13AlSmDDE+Ia8nUVDCwUp4fJCY6EI4gTb+UshIis1xYd6kPflSFFlz491vpqCzS893z+OE37HL/RGcHQoHDHRT3nBzNURJg9V+mHY4zLgeO+VLzYF+OzE8/+kue9V9vKn4TAjbA+DnfJRsYoXVwnXUg7WgtnfMAxwLE97hj1MOCmtIOcdQ8zcRw3DqoO8/69OXXaPddVFAeUOrXAlTOrBreyDXDvcqpyNSckR52A0k9zF3jPcMc2bgJ2h+Z6IJNZIgNQFiBhAwPpMysFz8oKICOc83DqkaSpQd1im2fZwmvfWgU2ENUeseM/OOq6bOx4ac7q01oE9269aATI2RNyASExh096mByJggDyt7oX9P1BuLZbIstJXY0v2oY6CLGbSP+pfhnNIoaa8xxHPHdgrT4Pafki+HVLR+Y4MvgEdHvgSQBXw2/Pnm2UYA8IpMqCtZJbphy0xKCRX0611VlSadbee+di9THxzcji5fuaQ8SQRlmj+7ww2fu11Rncgf7BGYHvW5pLkdjfAUUDxaMvGQaKD44ZuOftbpmPWvhr5OmKeiFnP0HN95cyc0YzEHHn/pIW+dH1L+RHfqQoQLD7+58T7B45YhBN0xq6NjtLa4rLdvJMiQeylK2QOsK79aGT0oEFJUjLh0+4E/8C1/9XgikJI8BGO9EthERo4wtDc9ZKx7cPddHGPNlN7bjFQ8r2QxIJSW+a+cMLJgsSWRBTTpkeQYddlScztaLQRf5uvOJ3r+beyKyPnpCtPPCYb4tvMSqQhX/dDuowNHEwuouTi5+yBSUyWWTlPJfB7BW2XS4d6PmUVgE1mMAPSgubVjtTz7C0+4kY4JNuOwd+q28S0c4ocJP0qcKewtJOS2eaGyHdau0vz8IUBHKdYZqaQJVE529gzq2WdDHPAAYt+LIxD7g9wzacHgaZYFd/U5vvxEhrGxC/4Mb4dI9DXYd+SKn48bG4EqA3KKNF2Rs+cmIhvlDI2x1TS+xwjYlyDMmKUQj2rKQaUyb/fTxzIHp6VTrnXXHPCg5EZLyEgIOD4FX0XoJqqjuzf1TJX2aZGRF2MWonG/WMPmitxqyi86gBXYDE8tGhyzodPki8ufJQElfl1O3JH1YAMIEGzMCGmDyc0G/F2IZxRdMCnFa8YYZThfUgeaBX71nc9KkPmXLwf5JTGjGggqHbjqel/IPCqYftcl3GmkU9bzuldjLSvmlI5qf68bjGrur54GJXKgoVBLoQIpwhkHKaIpt1cO1wE+ZhQ+S+uDpMoqt2YfqjeIOR7Wi3Z9Ub3KpKd9q6mR8KSfm4C+6c7mKNEC7doTu9dnNamdo7J71T8Slhfy6D6yzsoKUFxLgLGbcBhtLG96qcbGH77ylaxuA+iIcrVTcIVlHrDhoq63ZqJzJiseM4+1J8tnHs7aiigc4/KJSKMjqIEoLGN1aZA/7MB2RIxCXhnVMEyxAVAm7/QJVnpwlgRYp7WA0FP5RFHIkfscZM+oJsSKrzWQIA9kDMRBvV29HLH7Gf4S0g4Y8MG7C2BqyGkUZZkJbbcbxkwmuyQDrSvlLXiMgkzo7n2W9JmgmxN+dqfh2qNgsHLftcWwbXVRS1gIvMS4c5crkjgxtCJR5KIO0qVv0FOIf2EikC8OEAaibbQrO2dzs9tgie4WgCCaD+bZuHYW3Di6ponZ9svWQtJ6InEVq2UdimI4wnssRil98ZOkGrzDuBBhbx2JpefJOVJGOFOoVDTkkXf9Qt1s8nGGqIDmzwiU3B6Id7n1c11eSQGX7bm8VLmsiZlIcqAtHyVaKZSeht/UyD04OAFWLIKBRFJ9o0nYb64MInTxUvhupDvYm9p1aKfXJ2xdUwo6afDPe2I1L18KbBKCx04ZRVGCB9S2z+uBkLuM6ZCndV1aLBtvxB1evttDgGeIi7BbFwc1DWSHoUyN7l8BYIWAOmbGYdgMl6z/H4p1YIpoZoVxTInXLhRLRrQ8ycBG21DqDoozIlSY8DnHw0zUDczeqHQZagd1u8wwbY/fLPqdp1l9y9E73u+wcUurcsJm42hLtTUS5QGz0pZsFE7BIzXtFPZQgwKkI+nebVuRN2o4vl0fa2xXSdUFlSfCSPHJcJLH8aSaAbHOuojfOK6AhOXSOs2kXlFNrWYUx0eAyVzSEMaoN8MImaJq76a/bWplqIwQXTJrIvblmGZkSaJgnieX3PGVXASuOUCGnKy1TkeIVzBTJxG193hTf0XTQxJOXjVDZsXMR4sqLLzH4fgbcdTmZqjpXIa0oUmExAkXckuOTuIveKCsQp/BR8y0oL1BIck/t6QSLIZ8zRDvZfMlgQ2LRHQe4SMB0+ThW+2m55GVULoQU2sj2HU4q06SgpTbI2OjktnBpinydt7iKF0ogA4593n5oJh2t9apkNXeZ+r836+z3a0BDRl7ps+lLbxxRFPenAWRilNu9K3wJYMJyiVixr2nTE/GcVwOOnmwOCztfLfIeYy8IB8+2I62nBcTZt/E4ElOOHJyy6EF8jy3tpDbNu6tuTaf+yb2Fpjb4cKJ0Nilr7ovoYUEbIPunG+x7FTLuXAP+9oZHAp1ZYA97yhhWdYQIGSE2UA9qg/fzkVco6+fJ6i1IGHRaGomjCD1Fyp56oLYosNprwBwvHpFCMhD56WVgm+wMvHE7vvY0VOU61esHqsBkPkz9xh9nqwVeXAhU/96RyvH7rchnnZ+1c3csL0sK2+v8XqVqUy/2JmuchWP5BXkbEx6O0JpUO8Z61jCXjFvdlbZqw6d7+wtm0cIPknwwOe1MARuCPzKw7ZTWfRQTr8l9BrVs17oI+VyYuv9UIwAAe0163M21Ujei5eonf9ThhXLmMDMx91KPmQnxuG8/TEaM6/1bm8xbAJSji/xNIobYuLQJbwKlXlzGLLI5v0QBvQzMNN0PqqpR/LjTUMMOUitML8g9fhtXKXEaWapk0X53iCnuhZLPbe4/ouR1VOHxpPoza/qZYADSd5S3QDgTROCRklSO8weGzQ8XL9P/N4acRktvto/r2U5y/0BLD+xf01s17qpg0nWeMaqxFhOWZf/ovoEWrSgv/hk/ecjdAHiOkSN40fmPdU/Clt+fPZ4E0igwv7fsZkUGCHWbUR25hZG9/Wm2pwrr+t3/TScGzC6TFo7LRcZDNcPQMCjhwdrt4Qa1vegK9NNNIHcyT5oQI6s8rY2pNfGQdI/BF3pDMKtvGZxJ7EUWNpkDcfPuYdStlwV/2NwYNTgdn3f7FVICdSLF08ZaZCI6enXBEAozRMf/9vqdIH9O2vhHxja99QynEfPwGtKf5DzpXmqfhc23U9O7KYjLxQIBhaFMnbuYF2vQYDlNsHa282bTsOl9GiYS2tm6ZxMteJkbpnpmLx8DLso3hVE0IDoH35hyNK74M5l/reWs/LPHfl/I/j6Sy5biwAYGyPNYrjKG53eygrUC8Q+8Re0ikgou3dj+Jp9wMYHgLetKeYNAHzMSeosKVwCAvtTRzz70udK36HyWAK/CHA3CZFZpR7+KCsPftkO3Pl92ndSJjMHO/qy0OaFvaULh/esvaOAwUIDxCYLnD+0LXWfGdBkF9gpS+uSU6W+u4oXFOJVxjEFCmbjmDi/7IvxBlM5rtwNEKxfW9K14fyD8Fn8e3/F+Rl3fl+bphv0GaX5eYtoMzIeLQb0o0oOUAJTmdlTvL9JG9Z7iOXAhd7J6FC0/gfTqBOSzrOGY/Pd0t6tY1vq90eMfN73dwXhqWL0CCsALphQTycUuZfqHbZKP5Sv2cvxVGZ1wbUIWtt1fXIzfvaXtM2hC6z7JCjC+Y4A7vMMNfSmWL9Ymp5Wrxn6Ta/To1FIWBNNyDDdEZ/PM4GXlBQxx0aqX3wd15dAf5I8dWvjsYr6P06W3w3Y5hW8fnUjWFwqWykupd99EgPjtOMYPyr0E+1ekOViwLgTPdxM9xap92Q96N4ALYE21i/bXQFILlqnJqAdheMr8jKPcNDYgDDmCwB7+UnezuQKw==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:32:46,428 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:32:46,428 - INFO [Shibboleth-Audit.SSO:?] - 20230529T023246Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_1f10c75f-0214-44f3-8a08-0a9afffd3a71|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_58f450f1fc5bccb7bf7a4335e8678f07|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxW1WOez+q2yMXNuOxcUo8YTkJgcTvYThCnylRouM/eY/6LJQZ1BlFZXjmn5uBtdnRAro0CibCq5SQAxFkZ+xHWAhxo3wmcE06wZyASsqeRKaN3ypGQ6DxUbZ0WLCBMXq/Nvz3Lab1|_a90467ca869f5fe6791f6d0497f591ee|
2023-05-29 02:37:36,766 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:48c8ab80110d673b9c54dc5dae358a05d84c16fa9302821b6d3005ef808dc920
2023-05-29 02:37:36,766 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:37:36,767 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:37:36,767 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_6283ae410e0749c3b4b66c1e0afbb13b"
    IssueInstant="2023-05-29T02:37:36Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://lits-apps-test.lib.cuhk.edu.hk/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-05-29 02:37:36,773 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://lits-apps-test.lib.cuhk.edu.hk/sp' from origin source
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:37:36,773 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:37:36,773 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:36,774 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_6283ae410e0749c3b4b66c1e0afbb13b', issue instant '2023-05-29T02:37:36.000Z', entityID 'https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:36,774 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://lits-apps-test.lib.cuhk.edu.hk/sp' does not require AuthnRequests to be signed
2023-05-29 02:37:36,775 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:37:36,775 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:37:36,775 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:37:36,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:37:36,791 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:37:36,792 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:37:36,792 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:37:36,792 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:37:36,792 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-05-29 02:37:36,792 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-05-29 02:37:36,793 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:37:36,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:37:36,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:37:36,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:37:36,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:37:36,793 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:36,793 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:37:36,793 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-05-29 02:37:36,793 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-05-29 02:37:36,793 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:37:36,797 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:37:36,798 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:37:36.798Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:37:36,798 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:37:36,798 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:37:36,798 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,798 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7 to 2023-05-29T03:37:36.798Z
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:37:36,799 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,800 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:37:36,805 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:37:36,806 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:36,807 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:37:36,807 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1b8c33d8'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@39d4e23' with context 'intercept/attribute-release' and key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1716862810319' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:37:36,809 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:37:36,811 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:37:36,811 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2023-05-29 02:37:36,811 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1b8c33d8'
2023-05-29 02:37:36,811 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:36,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:37:36,814 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:37:36,815 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:37:36,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716
2023-05-29 02:37:36,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716 to Response _3ae818d24988e0ff3406571d630ed705
2023-05-29 02:37:36,815 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:37:36,816 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2023-05-29 02:37:36,817 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:37:36,817 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDUYpP5HecmtufRSBZPxSojwYeaiqFRAEIXevUpUNM/PUeRXPgkVS9dMD1IRwdFozijLl0SnSlcMz/UrCSHQqJciTqvfvA+XqBpzEw3+x2BZdXaXg0+dzEvhoLXEVy5SoX3tt7J0T5OxykRJ2 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:36,817 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 137.189.170.164
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _6283ae410e0749c3b4b66c1e0afbb13b
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716 did not already contain Conditions, one was added
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:42:36.811Z, to Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716 already contained Conditions, nothing was done
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716 already contained Conditions, nothing was done
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://lits-apps-test.lib.cuhk.edu.hk/sp as an Audience of the AudienceRestriction
2023-05-29 02:37:36,818 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5a5a6e4c8aa7928221f1bb2d2ddc2716
2023-05-29 02:37:36,819 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://lits-apps-test.lib.cuhk.edu.hk/sp to existing session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,819 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,819 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:37:36,819 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:36,819 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:37:36,820 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7: replaced old SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:36,820 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://lits-apps-test.lib.cuhk.edu.hk/sp and key AAdzZWNyZXQxAYgbsLke7TB0gHEwm2d83sl3E80kR83IL1lI7sAeWjhPCuMDhJPybRcnOC/M3cExzEF4VtL4J6oUQhnceyb8GAXR+K+lVtr9LT07+IlB9A41qHCrNMSBOTf32wOUApo71UDXC8X3gpQEIaHv
2023-05-29 02:37:36,820 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://lits-apps-test.lib.cuhk.edu.hk/sp and key AAdzZWNyZXQxDUYpP5HecmtufRSBZPxSojwYeaiqFRAEIXevUpUNM/PUeRXPgkVS9dMD1IRwdFozijLl0SnSlcMz/UrCSHQqJciTqvfvA+XqBpzEw3+x2BZdXaXg0+dzEvhoLXEVy5SoX3tt7J0T5OxykRJ2
2023-05-29 02:37:36,820 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://lits-apps-test.lib.cuhk.edu.hk/sp was replaced
2023-05-29 02:37:36,820 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:37:36,820 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:37:36,821 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:37:36,823 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3ae818d24988e0ff3406571d630ed705"
    InResponseTo="_6283ae410e0749c3b4b66c1e0afbb13b"
    IssueInstant="2023-05-29T02:37:36.811Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5a5a6e4c8aa7928221f1bb2d2ddc2716"
        IssueInstant="2023-05-29T02:37:36.811Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDUYpP5HecmtufRSBZPxSojwYeaiqFRAEIXevUpUNM/PUeRXPgkVS9dMD1IRwdFozijLl0SnSlcMz/UrCSHQqJciTqvfvA+XqBpzEw3+x2BZdXaXg0+dzEvhoLXEVy5SoX3tt7J0T5OxykRJ2</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="137.189.170.164"
                    InResponseTo="_6283ae410e0749c3b4b66c1e0afbb13b"
                    NotOnOrAfter="2023-05-29T02:42:36.818Z" Recipient="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:37:36.811Z" NotOnOrAfter="2023-05-29T02:42:36.811Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://lits-apps-test.lib.cuhk.edu.hk/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:20:01.675Z" SessionIndex="_c66342f3554bdc949e25525a0b4e9065">
            <saml2:SubjectLocality Address="137.189.170.164"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:37:36,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:36,825 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:36,825 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3ae818d24988e0ff3406571d630ed705"
2023-05-29 02:37:36,825 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3ae818d24988e0ff3406571d630ed705 and Element was [saml2p:Response: null]
2023-05-29 02:37:36,825 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3ae818d24988e0ff3406571d630ed705"
2023-05-29 02:37:36,825 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3ae818d24988e0ff3406571d630ed705 and Element was [saml2p:Response: null]
2023-05-29 02:37:36,827 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:37:36,827 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;lits-apps-test.lib.cuhk.edu.hk&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2023-05-29 02:37:36,827 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:37:36,828 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:48c8ab80110d673b9c54dc5dae358a05d84c16fa9302821b6d3005ef808dc920', encoded as 'ss&#x3a;mem&#x3a;48c8ab80110d673b9c54dc5dae358a05d84c16fa9302821b6d3005ef808dc920'
2023-05-29 02:37:36,829 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    ID="_3ae818d24988e0ff3406571d630ed705"
    InResponseTo="_6283ae410e0749c3b4b66c1e0afbb13b"
    IssueInstant="2023-05-29T02:37:36.811Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_3ae818d24988e0ff3406571d630ed705">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>jtIuKmaam4y55UatNKmFa9NnwHU/mx6MKvDqADDFQLQOAQjAstcPaaCfnv4wTlvY7UxJPbDqHUi9TwU+o7ydLA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>PJ/1vm305+Cn/0rji6cXQYiSYeR9rpxfnoZxMSN1K11x+cc0BcQNVd8qyB+Mt0E22dOt0sG/S949Fx5OxC7MwghnNGGPeL2QJear+25O4pSzRwox9N17e7Ms52aYbXrKic2lM9AStjMlgCUmsuxE5eTHrpA1qBn92/UXnElhB5oKE9KK7Jhe2ZRAQAo1nBU6mO2L3Isml2obcyMcvFj7Rh0AGA6c6emixE+T6KsyW4dLRbzprK1IY978Uyy6+P6p28H18mgi8z4BGhoF/QxqmStXI1ZYHzt/oXDKItl6ITwl6Q4ThvO4E7mqal/E2ON8ush1Q3FZWFifrNBB72w+3Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_e35d3f92bbad84dcdd674aad87bafea3"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_0ada07ed699a41f885c1893f265d9b1f"
                    Recipient="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIETDCCArSgAwIBAgIJAJPKWJLCM6V4MA0GCSqGSIb3DQEBCwUAMCkxJzAlBgNVBAMTHmxpdHMt
YXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazAeFw0yMzA1MjUwOTA0MjRaFw0zMzA1MjIwOTA0MjRa
MCkxJzAlBgNVBAMTHmxpdHMtYXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazCCAaIwDQYJKoZIhvcN
AQEBBQADggGPADCCAYoCggGBALwILctcpSyE35RwrLX1ubNB0Wq6aCCn3BWqiD0gKJG6+6ZV1Z2L
Jc+5sYfzdJF3826vY+VebLqdJrVjxCDSCXm8xzchwGFNJ623RigcE1lac8KW9ZJKOYOIpyzRSC2p
F1SEaKmMWiz6c6CpJVBIJn9GO1RFH7VK/0xMlwezlg53L/QZ82VjsDfZ0MWsllSGUfhSCfYy6VjP
ZPcgome+4WcHXPwOeMcVCkcD54MvQY6/WRIe0mhsFsIeInw33c/thi8H7+VPwfHkXg8rdZbDMomw
N2bP12MT/A1z9I1iGL9dp4URal7pGsPLICOsUf21l0ZcVAHeSEX2KX1Me76FVcJP30FKWFWGIcXk
Q4QH80XkrHgg4pEjoqI5uKDJLew8IYSp0uGUvHweZkTvR1QtThiJY4lmL8AOB9OPnkZLQin7D4xw
l5yzmdhJZ/VffmTrUX2rQJ80KMrmU75W9b8T4OTODLAE3FEz0vi/UbwxZrCK/tARd3r21bbkhxlQ
0h9gXwIDAQABo3cwdTBUBgNVHREETTBLgh5saXRzLWFwcHMtdGVzdC5saWIuY3Voay5lZHUuaGuG
KWh0dHBzOi8vbGl0cy1hcHBzLXRlc3QubGliLmN1aGsuZWR1LmhrL3NwMB0GA1UdDgQWBBSKuk2+
Qwpv/IloAUBhJfTMNCtTCjANBgkqhkiG9w0BAQsFAAOCAYEAhHJyIHCppAxJLPlhVtWNKUrqYS7B
BP7xbpT3Lgo6cvST68aOZnYt+4/WDTg0jMckPZHO25KcMXdipEP/OGnFllAwPPns+hvBKBUJtOZN
5ZWFdu9aEbJOqYMKQykki+vUEzVO8ykPwck8u1W6p0CCr+Hk/VI594z3/wNoccQ1Ac9BMyuzWTcS
+5nQV/tslB8Y2u37JLF6aQx4+aRy0XpIBc6OxWhmk+kd17eRYHfCoTShWBDxFniY+DRroxinCuFT
Iyaa7zyFvPUWZyKWlgaLKLl4hw6BxCm61tDtS9XGuG1OUcM176RxJmP1qlv5ndXDOXJ0VUl6dSAX
l4IRXaO8xv+llBZV0KUZvfLXcyHwnLFUMHFMpEXRei+7TLH9qQY8ILfb+wZsXDC6vJOso/nxK3AE
5jZd3hzHRYy10p62UXHKh4oP4cCP3P9Bi9clQC3rCudgt7IiYE9EZYa6nOQ4DxHd2tD5jjpShBgW
tTWEXQJ+/zX4AcqXcm+G8DZfVxk6</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WI5zOplhee4F6BfDeT9bRHzvQ0jJXP1nf52vxNY/q0pm1xpamKtMgCT4ygMSNa+j1WDU3lJqHMTgCFvZkKb49uN+mieYoW8bTDtC/3gmYHpw8PVB1qwL/0V2uUMToCVNcPrbaUMkNNkRiZP3Zon0LsY60mo8JXwJoreloGlAiyFwlcPdLH5eVx6HSbQyocAMYZODlsXJqnv4Lekm78fgogbQUN1VncqxUrDCmWzCtLAckntPpddv7TkjkQduGWtZzHGlYBWwpypoeuj3XAQIUSt5yQWHtKxuoUMjhfjp6txhqLNgdJ4lyq5iiAKfaTZItXV6ODgqdU6TSym/40bxs7gYgEG8tUQNlJiRU01wt1WcqBmxYcQuBUXv3ap8xoMHqJEgwtYgI+h6uuPF3kHF6uzbizGtTjoH62o3BHqDp7vD9K0oP8XzMpOPXrQISGGE3MSgJ5eNAdiUQt7ZJvrPLJcK8jVo2mzQr4kd6CyLzH2WeNWsh7+gYr/87ZCEyuth</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>IJnYu4uzcDwzeTJWV0239N4WnkrKMQOxCo2LgLtO7ohA8uYoIVleZwjg8lI12cH0bywyErKg/XO3lEfYeUXI/TyXFy8xsOs9CaXtXBWwpSTAiGelXwoHWrrXKhxBHgPW6UnwKxE0YtJAEnCdn5tGRhk5fUfjrDOewNI1JWVCAythbvkpazoVeBSjXFI0nHmeIWXgkZd8toEljFqET3OZW/XnXt6vzWFbIsQEa48NIHX3BMUwZgw7Tdt/e/43sx8XS2jTzzzD3+2erbjpG+gCmmdjFtVI52lV8gDT0NCjkxzAL+u1pfvuhy7lelezvNySMOy15YDjEx8RQK331Gd6IXyyxBYH2BgBXdhhYyWD4iq+wTGT36VAPfH4vZp6+BJbghcRtuTHga3N7rEmzB2K6z2G1h+OMKMHTvA5rgZR2sHFEp1oP971D1Ff94/UeXU2eU4MRzmom832/37v8H4s42nTNDgZlFktYq0sX6aM/ruUNxgPjc6BzvCW6evDx5CulMGmRfX7tCeQdtJAY3xW9GObrlpWavclnhov7aKZob4+SyznQkQnCHvQtzGYVx/6LurPItfGqBvyp41hVhQ1Capkqs4HxA5gC63LtxC0U5MA/4gmiAQFckhvgx+jmZaP9GhoohLQhcV1C3ng8UqGt9xIbFEeT7Uf+ycaZ/4UX+j5DVHVUz9USNqi1ujI41X+bKKR8GnZaMe/KJqPJ9omN4YWZWCaQCpxXvYUJOU2dGSBG49dorNcObwSMwC8FNgKmstOPQxYVg/rcJxIA6W6UsOIDux2khB1d/hEUMH028FJ8OkgNmPM7m2AMvKX3yl0TUKq+DC3LHl2EIbYCERZXoL/KqD4Bs4M84DYC714Uom0CALNs+z4foSJyXPgnA0xZC+cijZ45s9O2I6SZTMTWqzWBl0dGaMPFKEhJJg1/mJO3gZvp1i3Q6/8QJzeGjrvkxLisrXe3AtfQbc1L4iIOlWhGnEKHzuNxi5RWNrySIhCFikCw5tmuznC6L7+oGWpFU8fDQabYKILq1UC/8MfqUgd9/5hFJkJ2SF1Qu6A3VaVertppWYsltsoxF0shVMaRPul/q+lCRGC7Q7Cs/5VWBly32eDSf/CUGzJpn9ghu3cze9xmUYBCUQ4GnUV5voSpFUsUHby72nDvkqo0W5hGaSvJbXYNNOncjaRz5NeGgkxoVedj7SiaktHo6fdaIMRs6r/nNwOThDDDuqffvwncvrBDSCk4eR7pbFpCNjU4Y01d8fSXfY7m2qfk6Jxq9eSYSq0uy8ez9U105+qUOsePhGdGOFGHIkAec0YZN6IytLNPGrBXWfG83eDHm2oG5vsRXNzD4X4iDsQCR083UbeBxVsgLHGUX0FslrOyejnAbDf+MSZcw5QiI1jfx0E72FHQP6474z5Id0fSk7+lMsQkWvXevZ9aBf9Fqkc8Lg4isml8WE+S82Otdzdxr4A2iH3SeSJAvarMiRwL5oF/698CfIHUOG00l1OTQLl8iXKcouR8K6sGLvSA5g9IzlHodR+cL3wF+acBU2Safld343U7998ndn3TH0GFyBZoHRlAjl24ns9T4SaGNrrdqvVUb/FWpp5Ua9dW7hnmfrkA3Ii8w0Z9QxKxk/EoGB0HElP8nrN5ZLLcV/FJMGkGJ7GKC/dEPvcHLfU/EgwfZz0t2yCHGmLYrmdKNN+/xxp7hiEJYgKRiIGULT1l3ku0q2zu/QvTmpWeiFwrB3oJwIyPocKbbBZQPP1LWk8OVlY8of82gJdp+Wdm1ub3NJd2wD89+8PeEuoVmSDnO4RMxCeDZOZCegXn8T0B2tiraJttzedVyPRo4a/TUwfay6waTMnGnFoZKxJZ3n3Fmce8EzrDpbU1QhlKS+h38xloChjj1naNuX/56bEknjDwP9XOehqMxosahSOpgrqHZbeKMUEUde2gt1QSsTJCqoDFEXXMPyLBn6SJmqqcu3H6ELq8/hd0Hhz6745pPQQ3XgANOI6CYTJ72C61HrWf7OLWCHJJKUeysqfqS8U84/ZTkrLbc9HpSSU6+Wv7M+lJ1XChexuZXz6DpssArT1WdBOU5Cx50lnEf4O7k66rgxKtaIJXLPYmBIrEUMbfw17OzqEvugIGp0hA+9ckYRwrkSsFSymu1YLhQHKfTaOxifD4L/CaLXtI326vE1aOSBXleabg5mklYMfAv0B3qqO2wTrmNTbkmHaRehmIp+/0cURhC4znLNnW47n7vXVyCEyI9o7X3sq0VdlwiLiZoIuU7s2bUnglTboYUWjpU8Mi66g09DjEdqArCRrHI68pcKk4CniHpLoc1dOBbA4IC5acOo+VtwrHTz86SaosZcYhKLlQen9tUSHKtGjFlN5b8bW88XFakAvq+uCOeLZE4oNI9J4MYPauiMijHy6JVh2YFIddagJcuC3W6XeEYq8iVVIq7Q/J2j5+hPBZRE1Av95dSB8xgbebhjGulvj2thMJ41DyEj/JhwpQ1dSBjCywCGCiO3Lu3/3HSNiRvRIZs4I2yk6C8CESrQp9cXMlHUH+abw5GpF2i9fLeK32WJtOVcgymTD/614BU3G3FblBjvTqs3inD7S2Ce6n6G1fNqvs+6t5Sv4cT5hJUdr6Vn1AmekdSOPGDJpMH1xex7ea/6M4RXNLY5CeaPSF/UGgOkaEgY7ydKFaKZSeCTI3jy+2JRR3/WofQyWVZtcPJQCm8aDgoqQ6h2J3bYIbzWEF5ecKJaOh49oC6GyhigmHtd7/0LUa/miEz+KdNIUDYqGM5TkH///G8GOhvpBlXyNCxZZFfB0u0IAoTmYmKGE0hWBpQIZHdbFrx+dX6WOI3H0n2Sskk7SLjGwGyAS5wQK6fYJY1Ly4ujMohkD5t4EnFsJnOWfqTYRKFjUTDDbDEL5MGAUOAmalDPkr+oT4rIoDOdUXKG6KW1GJOoxFkOypeGmX5EmNi2RScNAZ5x0ZYrasMZAa3LGWBG3dfo8kpaQFEE4kl5BXXVMrGRX1n7gv2TbzxduVEp9DAxZLWFYsINVtAnLLoIW2e1uK0CTHUyRmvgqhLggBwjX03tyXv9BxtyBfQjHK6BfF0z335mD4vtgyKtfHOHFRNtZLR75brRhJev7blvKMP+gthAebsOMDkE42VwSiI7megSKHl+3dHYNP+gpkTQisyX7FNGG8gjkLogYsJJVk/dZdJajs0nC/zVBzZpWOapm0AkLQKdOKyKDEzEgSQPEyJ+OK/OONVRtaWl91xCVNCBkDnYauURuAuf+uOUzKR4o6yBehPGZ0XeA/NegjOmwmtOdnjaIn4s8M+UJDHf53k3EQH3DRbS+WaDG14ukR28XYQJ0R63RAmD+iMa8Ry22c7CvmyUTsgu72qq9FsFNn5V2mTOIlTPM1QcTEJ0/RE46INx0c4NlFAhfjLVujgsvV9Z0HOvfyWaDkxbfWYJMa6XOcekFOxj9nLxx6S6XoYKZ+viFOfCxMiJEXxMt8k6NOFuaLOMiijjLrtAzCCkcXA9qeUF1w1ukohIEtIjYyRv6rDsme+VwDANDEfrJwvSeBM/LOO03qhmSik4RQ5Shbs5xuf9mPiVLWsSrPjE5vWwh6tV3D5vdec0RYvOXrLknF/v2FlprvSCZm5zYG1TL/+XS26tH5JG9eWgTkXy/sQW6tEBH2oX8A+HpR+ealOYyHC8l0LfCkgQb5CDTpkRomOzQnUaM6QmF3OuG4bOow4WBFLLDJCY+wkZGUfRVFVJAZjobl5WPRlZqRGbMeHRmu8UFc7g2s33NPX8VCgxB7z8VV2waisfdkGSWOnzGZXm3jfrc43VkqgvKIL25MhLai6387WOfVmV8TQfX+t03DUW+1sHs6tCDZFm2EBw0amYwLayEi9qZOFQFfEOuj7GOamk4AdStalXKdlH69/dhIRrek43Ikgg8t+aNifd0PyhsMa74apjf3uDv6Jp47DI2nLWT9sGvvNVM0C7HqSAG06SGJNAxKY/MVNgIbds9LcCJMSSB3vLWHUorL66BEwbRO9Dxox5xpN7cJZ7A1g73nf5+XZ9d5RTfspVpNNX5VhiKf4nGRT97Mwtno09gXGALU4jMIWrmvkbBzMCogO80QwMhSicI7kwRAgkctStuoGM84X6lLmDc6sLA3XJ/DeHMAh+nXTBpjKkasByBbF6wCTG3Tf+p0Rik9tkTkXGZJokCSFO7CKmMN9SgyUvvaTRPHepy1wdMja9IvPXF3ubpiB0N42wR1LEQAiSou/99sScN0UM1s0ir9Q0qh7nZ3VrGQ2oDyPcvOKVMPNeKZZmzPvLnljnawksJLHGQj5ImsCym/szOKXR3j/5Gdi4kLLYqUBSvOnJc+Ni+KsjGyMrHpQsLlp3s4YikoE8fUeqHNvUdeJ5XmlPWYHj4ibudUZ8bv8gVWg8TK6Rs0s2vJoVDOTJKp7Dq/TKTZKdEN+QrjHZwOekEV8i4/Sliz55FsUxCiBXwsE2JC+aWFZDXaSKwuINIzZE7FRDNdpjA4oWbGggLOfWEPJTaJpaSomy7iq8nCwKAELJilWv2ALgfi/YcedlUnyWNyw9GjMVGnlIL0ANzDFe9qqopkY43TJrzCaiqsIDwLOuk24YlhMXQJl+jUKA6zYCFA5dnnMdSh3UtnF28xUcqKjjX6/Ojjibu5CfY5mqMtSS0HmDB1p/O14CJGMjZvufHbVJhrYA05HTZZ3Yl5Ooypj1bT6hKv5mhHZHpiGtJINJxuVF+UeEdl8IzPzp5/oZiOfTkNmy2PD+p8WbdZoVWbGcXGVrKDjlv7Ri3m1HQlhBSiofWmX6hE2KgFzgWeC/HQjtdBY2ev1vMV6VU6Tyx5aBEIqZpOQ1LY/Zon9abpPIfKDAvodJN+Lwcp1Y221AX/2OhQzVE/xEwem3svagDgc4bbA5/ye0GbBPbF+M6IY/z5Qqx95ElaCjCyuvUPmukXHnBGdRy1Lh/64Z+P25MVrFsIXhzxZKJAuPZx9vVx+hDJqsZ8mS3c6ZmDdXPWXvYoxBKeM3SqYVwJ2ZL/1k8O1LpGKhE+tpWYO8lFVn4xFyYANyBs178qkDReHLOzWg0m8VFxiXdep64RS0x5ZCOWoDZMqWbJM3Qz+uSMUnqazaeJZZ2/z92UMh6ab3aC9/nBa3OgVb+r0X68tQhID7elhxkKPyp+7mOI1oTRFeu6Z7gxT32QMmsZ2eqdwfZXVYE</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:37:36,829 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:37:36,830 - INFO [Shibboleth-Audit.SSO:?] - 20230529T023736Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_6283ae410e0749c3b4b66c1e0afbb13b|https://lits-apps-test.lib.cuhk.edu.hk/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3ae818d24988e0ff3406571d630ed705|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxDUYpP5HecmtufRSBZPxSojwYeaiqFRAEIXevUpUNM/PUeRXPgkVS9dMD1IRwdFozijLl0SnSlcMz/UrCSHQqJciTqvfvA+XqBpzEw3+x2BZdXaXg0+dzEvhoLXEVy5SoX3tt7J0T5OxykRJ2|_5a5a6e4c8aa7928221f1bb2d2ddc2716|
2023-05-29 02:37:54,697 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:087113e8315c7a780ec00f8bcbbdccb9b73f91a854e3b48e3316bf26b708e731
2023-05-29 02:37:54,697 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2023-05-29 02:37:54,697 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2023-05-29 02:37:54,698 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_4f6821c3021517b11a829cd1db3789c1"
    IssueInstant="2023-05-29T02:37:54Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://lits-apps-test.lib.cuhk.edu.hk/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:37:54,715 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:37:54,720 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:54,723 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:54,725 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:37:54,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:37:54,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2023-05-29 02:37:54,726 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:37:54,727 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4f6821c3021517b11a829cd1db3789c1', issue instant '2023-05-29T02:37:54.000Z', entityID 'https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:54,732 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://lits-apps-test.lib.cuhk.edu.hk/sp' does not require AuthnRequests to be signed
2023-05-29 02:37:54,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:37:54,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:37:54,736 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:37:54,737 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:37:54,737 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:37:54,738 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:54,740 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:37:54,741 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:37:54,741 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:37:54,742 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:37:54,743 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2023-05-29 02:37:54,743 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2023-05-29 02:37:54,743 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2023-05-29 02:37:54,745 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:37:54,746 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:37:54,746 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:37:54,746 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:37:54,746 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:54,746 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2023-05-29 02:37:54,746 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2023-05-29 02:37:54,746 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2023-05-29 02:37:54,746 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:37:54,767 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:37:54,772 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:37:54.772Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:37:54,772 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:37:54,775 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:37:54,775 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,775 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7 to 2023-05-29T03:37:54.775Z
2023-05-29 02:37:54,777 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,778 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2023-05-29 02:37:54,783 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:37:54,784 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,789 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:37:54,790 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:54,796 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:37:54,798 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29853ee2'
2023-05-29 02:37:54,799 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:37:54,799 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:54,799 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@39d4e23' with context 'intercept/attribute-release' and key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp'
2023-05-29 02:37:54,800 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://lits-apps-test.lib.cuhk.edu.hk/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1716862810319' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2023-05-29 02:37:54,801 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:37:54,802 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:37:54,802 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:37:54,802 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:37:54,805 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2023-05-29 02:37:54,806 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@29853ee2'
2023-05-29 02:37:54,806 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:37:54,807 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:37:54,808 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:37:54,816 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:37:54,816 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9c0d4cecff164e34ded8520392b082f1
2023-05-29 02:37:54,816 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9c0d4cecff164e34ded8520392b082f1 to Response _a90d045412a4e7cf1ac7f1efad725114
2023-05-29 02:37:54,816 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9c0d4cecff164e34ded8520392b082f1
2023-05-29 02:37:54,819 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:37:54,820 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:37:54,823 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:37:54,824 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:37:54,824 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2023-05-29 02:37:54,824 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:37:54,824 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2023-05-29 02:37:54,824 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:37:54,824 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:54,824 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxU/XdxXLDC0ZPLyG22oopRGg7FCRWGoZcw9INMm0OIP9+JpDiVsTWkn8Np6yqCjb8rF1gcwfKgkNqm6iFxn804S/Or8WwuiA3AY3ZQgEU26k3ilsS5RuccrtHH0IbXeHP6iSizBofxtFxc9h5 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 137.189.170.164
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _4f6821c3021517b11a829cd1db3789c1
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9c0d4cecff164e34ded8520392b082f1
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9c0d4cecff164e34ded8520392b082f1 did not already contain Conditions, one was added
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:42:54.807Z, to Assertion _9c0d4cecff164e34ded8520392b082f1
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9c0d4cecff164e34ded8520392b082f1 already contained Conditions, nothing was done
2023-05-29 02:37:54,825 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:37:54,827 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9c0d4cecff164e34ded8520392b082f1 already contained Conditions, nothing was done
2023-05-29 02:37:54,827 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:37:54,827 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://lits-apps-test.lib.cuhk.edu.hk/sp as an Audience of the AudienceRestriction
2023-05-29 02:37:54,827 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9c0d4cecff164e34ded8520392b082f1
2023-05-29 02:37:54,830 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://lits-apps-test.lib.cuhk.edu.hk/sp to existing session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,830 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:37:54,831 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp in session 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7
2023-05-29 02:37:54,831 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:37:54,832 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 541092c7748e5c85575149e5745482aebb5a4052de48903107698b51d1a40cb7: replaced old SPSession for service https://lits-apps-test.lib.cuhk.edu.hk/sp
2023-05-29 02:37:54,832 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://lits-apps-test.lib.cuhk.edu.hk/sp and key AAdzZWNyZXQxDUYpP5HecmtufRSBZPxSojwYeaiqFRAEIXevUpUNM/PUeRXPgkVS9dMD1IRwdFozijLl0SnSlcMz/UrCSHQqJciTqvfvA+XqBpzEw3+x2BZdXaXg0+dzEvhoLXEVy5SoX3tt7J0T5OxykRJ2
2023-05-29 02:37:54,832 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://lits-apps-test.lib.cuhk.edu.hk/sp and key AAdzZWNyZXQxU/XdxXLDC0ZPLyG22oopRGg7FCRWGoZcw9INMm0OIP9+JpDiVsTWkn8Np6yqCjb8rF1gcwfKgkNqm6iFxn804S/Or8WwuiA3AY3ZQgEU26k3ilsS5RuccrtHH0IbXeHP6iSizBofxtFxc9h5
2023-05-29 02:37:54,832 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://lits-apps-test.lib.cuhk.edu.hk/sp was replaced
2023-05-29 02:37:54,832 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:37:54,833 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:37:54,835 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2023-05-29 02:37:54,835 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a90d045412a4e7cf1ac7f1efad725114"
    InResponseTo="_4f6821c3021517b11a829cd1db3789c1"
    IssueInstant="2023-05-29T02:37:54.807Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9c0d4cecff164e34ded8520392b082f1"
        IssueInstant="2023-05-29T02:37:54.807Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxU/XdxXLDC0ZPLyG22oopRGg7FCRWGoZcw9INMm0OIP9+JpDiVsTWkn8Np6yqCjb8rF1gcwfKgkNqm6iFxn804S/Or8WwuiA3AY3ZQgEU26k3ilsS5RuccrtHH0IbXeHP6iSizBofxtFxc9h5</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="137.189.170.164"
                    InResponseTo="_4f6821c3021517b11a829cd1db3789c1"
                    NotOnOrAfter="2023-05-29T02:42:54.825Z" Recipient="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:37:54.807Z" NotOnOrAfter="2023-05-29T02:42:54.807Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://lits-apps-test.lib.cuhk.edu.hk/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:20:01.675Z" SessionIndex="_4c593f48b58d8159c9ac1b31b5ec6557">
            <saml2:SubjectLocality Address="137.189.170.164"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:37:54,841 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:54,842 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST
2023-05-29 02:37:54,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a90d045412a4e7cf1ac7f1efad725114"
2023-05-29 02:37:54,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a90d045412a4e7cf1ac7f1efad725114 and Element was [saml2p:Response: null]
2023-05-29 02:37:54,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a90d045412a4e7cf1ac7f1efad725114"
2023-05-29 02:37:54,842 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a90d045412a4e7cf1ac7f1efad725114 and Element was [saml2p:Response: null]
2023-05-29 02:37:54,849 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:37:54,849 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;lits-apps-test.lib.cuhk.edu.hk&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2023-05-29 02:37:54,849 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:37:54,850 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'ss:mem:087113e8315c7a780ec00f8bcbbdccb9b73f91a854e3b48e3316bf26b708e731', encoded as 'ss&#x3a;mem&#x3a;087113e8315c7a780ec00f8bcbbdccb9b73f91a854e3b48e3316bf26b708e731'
2023-05-29 02:37:54,854 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://lits-apps-test.lib.cuhk.edu.hk/Shibboleth.sso/SAML2/POST"
    ID="_a90d045412a4e7cf1ac7f1efad725114"
    InResponseTo="_4f6821c3021517b11a829cd1db3789c1"
    IssueInstant="2023-05-29T02:37:54.807Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_a90d045412a4e7cf1ac7f1efad725114">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>BnRIiD5xWyVkP1Y4Zn15l9NwhAFiNOyxOcCnTNvSroPIodXJZIzVDjMHIt4HJS8p6fn4kAmeMR7ez6bnJQmASg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SCcE3SM/dviF1HfqvMF6Ni89eJI8WJKQeSBvm41VXvEOy+NDumU+dtHoUtmqscwlv/9nx9kK9y6rVUlXhJ3YGDZyYrIJf6ELx9p6KDDnZPUgMx61ZcawokiWXE8mPTsEQhlzGSEnzLUZlHvYcU55wwvRNnYTtlC/OHz7qyovoFsoN6xFk6s+F/gxReNUvLk5MML1rjtJr45yUFKPibciJQ6vlkOSefA+xUFxi7znRxLDIvV8Wcl+M+zDcyTvUj9P0ZANt9AVz/Lk/EeWnFBMviJEpmm36tv7UUGcRCTS2VutV+FWSaKAT10sBmA8P6brk3Km6og6MN2GLo9xXQPMIw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8f0d460aa65a1ea93d61aab5abdecef3"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_94cd529ea2e70571324e2a6cb8209459"
                    Recipient="https://lits-apps-test.lib.cuhk.edu.hk/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIETDCCArSgAwIBAgIJAJPKWJLCM6V4MA0GCSqGSIb3DQEBCwUAMCkxJzAlBgNVBAMTHmxpdHMt
YXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazAeFw0yMzA1MjUwOTA0MjRaFw0zMzA1MjIwOTA0MjRa
MCkxJzAlBgNVBAMTHmxpdHMtYXBwcy10ZXN0LmxpYi5jdWhrLmVkdS5oazCCAaIwDQYJKoZIhvcN
AQEBBQADggGPADCCAYoCggGBALwILctcpSyE35RwrLX1ubNB0Wq6aCCn3BWqiD0gKJG6+6ZV1Z2L
Jc+5sYfzdJF3826vY+VebLqdJrVjxCDSCXm8xzchwGFNJ623RigcE1lac8KW9ZJKOYOIpyzRSC2p
F1SEaKmMWiz6c6CpJVBIJn9GO1RFH7VK/0xMlwezlg53L/QZ82VjsDfZ0MWsllSGUfhSCfYy6VjP
ZPcgome+4WcHXPwOeMcVCkcD54MvQY6/WRIe0mhsFsIeInw33c/thi8H7+VPwfHkXg8rdZbDMomw
N2bP12MT/A1z9I1iGL9dp4URal7pGsPLICOsUf21l0ZcVAHeSEX2KX1Me76FVcJP30FKWFWGIcXk
Q4QH80XkrHgg4pEjoqI5uKDJLew8IYSp0uGUvHweZkTvR1QtThiJY4lmL8AOB9OPnkZLQin7D4xw
l5yzmdhJZ/VffmTrUX2rQJ80KMrmU75W9b8T4OTODLAE3FEz0vi/UbwxZrCK/tARd3r21bbkhxlQ
0h9gXwIDAQABo3cwdTBUBgNVHREETTBLgh5saXRzLWFwcHMtdGVzdC5saWIuY3Voay5lZHUuaGuG
KWh0dHBzOi8vbGl0cy1hcHBzLXRlc3QubGliLmN1aGsuZWR1LmhrL3NwMB0GA1UdDgQWBBSKuk2+
Qwpv/IloAUBhJfTMNCtTCjANBgkqhkiG9w0BAQsFAAOCAYEAhHJyIHCppAxJLPlhVtWNKUrqYS7B
BP7xbpT3Lgo6cvST68aOZnYt+4/WDTg0jMckPZHO25KcMXdipEP/OGnFllAwPPns+hvBKBUJtOZN
5ZWFdu9aEbJOqYMKQykki+vUEzVO8ykPwck8u1W6p0CCr+Hk/VI594z3/wNoccQ1Ac9BMyuzWTcS
+5nQV/tslB8Y2u37JLF6aQx4+aRy0XpIBc6OxWhmk+kd17eRYHfCoTShWBDxFniY+DRroxinCuFT
Iyaa7zyFvPUWZyKWlgaLKLl4hw6BxCm61tDtS9XGuG1OUcM176RxJmP1qlv5ndXDOXJ0VUl6dSAX
l4IRXaO8xv+llBZV0KUZvfLXcyHwnLFUMHFMpEXRei+7TLH9qQY8ILfb+wZsXDC6vJOso/nxK3AE
5jZd3hzHRYy10p62UXHKh4oP4cCP3P9Bi9clQC3rCudgt7IiYE9EZYa6nOQ4DxHd2tD5jjpShBgW
tTWEXQJ+/zX4AcqXcm+G8DZfVxk6</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>FdMVxhHIGPIt6KCWfGHI/2PkCQ3xxCR4O6POcU+dBvXEWVIc0lhRsCu7apLF69IWfMH4jKfgS/vxWORBHqSdLIjFhvYxn5rRFyijFJPqVHSG0qk4tEShgiaHRhnuwQ3FFtI1Jf1Qnj0+gwr9D0ac1JTi4mSoW4xE+dmGclR/OhTxS/VbOnGTYVcqNawZ7YTBceYq6i9CRRrR2/6cplAiUlmmaB0wjoS1lGBpmPWL/Cqx0ehn0nOfHV3frpigOato8JuoDlTAXyaiW1mxRXIalCjMetaXOgsyjjbrES6eWaaT1tGzOXTmt7rBRA45iWGQVXk4nxRnhZhpDxIvf/ZA/RF28qWe/bhNnaTUVgj4ztrxjH3SRmHJTQLZ9Jy94ZMvrx7ZzjIvHwsSMXREs9hfDwgo3t75A719hsS7nHPmNUKWFt7pn5VYoCB3X0czMuTOmkqMykLmlZOh6pWrHpx+yiv4ClWcFil0OYD1/OrjME75uzHhSt5FSFtW8M9Xjaja</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>XdmWEhubRX9XpDJ7nHCm5mTt1aDy6O7smqEgo5uKOt8PldQP3joAEtOO3e6ogCE8ccwSDMKJyFeHnL4u534mnQgL6wBQLsXbUbvZK2kJ2MUKWi5tqx46Ew7nn+AvfHyunaQmYFV8jsPYC1dvv7c4YhCUacriL04HwxKEYBuFKdMoQHwd7y/xzrfTQ6AOtNKQO9iKntTsjwd2ld2nWNYrzOhvlVA8JFXk1zggJFwcc/9tcFhrGNvbiB3coU0dRo1LnIODdk4gB65Mkymo1v9M5RCqAPsbWtcjLR92z1QrI+j8Znq2jDWtTDnANMJ5WCHDCefWgzRbOBNuoWNmmpP71L1TeiPWBxRGqvMt8nL99AomP2lcCnpJDsiqmeqrNN+IkB8tQcB1wd1wVI0+3NC3s//RY0ut97jvVlaqc2q/fz9/yEAuqPGfaKLt6oGBTNIO/p5c8r0NJdKpvMly/rxSMKiHOaYf1kcJixOXJum2L9/51CJj/7L/2JE+rWG/ZaEqu1+9SZTKYk22b0A66DOis7/wkpGyjrD7xUMkk1S8N5BtwJXW17zXyutBKvp1rIh2MtenNrR4TTV2vujR85SK/ZsJxaOjFoF/g5V8eCPVitoCY6ZoVrB/JUd4FzWLm2jSmEITyQQG/cUisciuqc6L5QnyhyD5f9ZBrb1r07+loWISWh1BbrsA48tjjj0/Aq7tMhnU1PUxbJSpa3FVj1nEmwcOYuRCOGorguXK9C29AoIjCYtjlCWVikjgqRzLdENXEg55oTeofLa3ZrHCekXY+e0b44RXbZAInx7BRLXvkWZbEZczRXked/UlxRvcxDq51ssL9UbU0RRMjpg9PxCAZulCvEVVNZCR9W/FwBYeY9mFaO9RmGA1PWQiyBArSFtxZxs/wmexYGI0mzlSSGPuPysc4SGhHP0ax4p/c+6nVwcrkQbIOgPNo2GcUiWmeECD8s8WA2q8+vZwAoRwRg1SyocT19RFCTqlKjJe1XshCWw1SnF+wb751+mxNFoFJuRuhbLHW0oBUaJo1/U5Ae/x5Nl/30CctJPzQvJ9sEEKscQV7KijPuUQMRwOR4pYLOsAsrhA6WVYkPoBWWG3LadWyUW8qqD3/mo/m38D8PsW36Eia82WaOxKlNoHo32WNvcxpTEtCR8cf9/DknGzRRz7LqCm1Y7Lky2z9T0xF6xJSp/vn4Jw36TUDAfA2vXJ6n4NX9ztASTGipcFbVxtcpjO7pmQH9tFzPbM0V7KijhzukcjK+1+thkQqd1lPokvi6SFwaMxYrpE3Wky8SAnPQbEnSo9TbAZE7mZ7Czn3svFgo4bzEhPQJckeHOMuHQ09MH/8SDgEKSF54M+jhvH3Jc1jOQkCy0bOT7GYI3Avwdy6iPEYkFkT1yVZTWcRoW5dgSL0sASKOB/1kAn4azel6Bu7BF68ob8Qd09qGbTL5D/Mwds/omAjA8iNHOtHyp1/Gwy8BGLoin+Ok6auY58QyXjYmehtrCKvNShx274tYZeWhTZR7fpLjQHdjg+TCtDVy4oTi1eUJ5EIq14DTRN6N3E0lf+CLsbSns/UdZY5KVs7/5vblN6e+klWQN9F6AMw7HVd1hlXNeljoloxHhpZBDnmdVRUJuxSwDaqni0giASNQefxUjWH8cd1bEANljpmJmgScnfkayEf09CLmwHaBjGhFAr2Kl24U9izGc587XGpreTVr262up5nnfJgdp1vDCjfElsr3S5uarDsZbft7sJ92yGQ1rbZFKpQM4SXka/x/tNxdL+/y4ZGDUssOFX2SxSDNTah7FQaYw/IDP5IRE8/gkTw4J/D7EoQtcoUtleqpz2CSqttIh71dy1hqN/XknGHluTEHmtZVKiNuhQ5lf89quWOy574uqixVxMxR19c1ZFBvQRmiCz8IE4kWdUjieNEv/JxJDbE3qxhNZkZLDt6YOnEDyrnPzU0WHBPZLDhib1saOIyJQ1/psdMWf5rtfglJTnOtgYKJD1dxB25paGoW4I4BjSfFsnb1XRBh+bqt4jS2GsPIskBUM8Y1faN79fYPJZd7gVonl8XEoOM1typUpBR9l7/CgYiKE7fDVebF1qIZHhsJ10OipN7OuXMCi5Xdi7ncc0Jd5T9lwC6fQQhd8noqGG5BSpmA0ZdTUfEBWdG1bzhRJRoyYp4LDI4o/Ry111ZFccblEbgCfpvIgbj7pORV2D1YcPVvpG3QibARPV6IukMbEpMuSoR+j9gIZkqZ5IcAOaAGsKhcwrijM933Pnq629TgK1FFjn3LdBDK3EhnQziUAHRogJ6RcHLNP2kb+Co0J6BToGBoHr6zeryIGNcTHxW84o8Yb73SYO1ppx2OqHYD+7yIXaPiMaDwM/qzb0r+1D/CcADce+2sBrHgQgNurr2vpjxv6BhyiQa5gv4XR03tiJnlhV5XNhYqnrpyuDyJd7dEaFhzl5S8V0j7kD4Od8nfiqxrKZfW6ZX8lnuoeodistk3JPskIzk1b2Mz7go1g05fMzGzM3uQKPQ277fNfLlpKvBvsq3E74HrQJu6WwHXIxmOr1mlhP8a/ZdJtW84GDPONS7jctMKRZhw3TJX2nKXGH7cO2r4ZXPLq7vSsboUc17BgX1F7pggBf1GRDaJ6vwOid0tHl6lJsBVewcafYu6JIDmKwSEP1YShmye5Xjkx7OvDgRj3sfo+D+7rJHEc+IQ+mNs597X8qfH+C884hSUjeyke7CBv5QBiu1ZKDBNGmNzg9Ds0EN4EfwMwot9rIkZvRI3uViv5pOjX3c6lDSpike+Iy9MBSmBxzP1UeHwok+FisTsYsiKLl1bDsao5LezyF1fUuRuuEVkyzvdsdaORZt+WkmZjs4rTUKxlex55QypbJiFSHAKJbwenT/06cYIvUwzDkvUSsBc4FjNvRVLUaKRZJWoDxDgoxoGFqppfo5rIhejWywvd6pGlN3Qn/FlSiXBSDa1aE3ojUEO2H+wA/8lIm9wG+dV4pBLssLO1lB/jw8lmHC3wM430PSRguKEd8CJXos/bBdHfy/XHOc5rTKdFS9uiNekSlWXxhukG6lBUjrfh5vBASi3nv7zIWalBqSxSjTmS4LcirGcvPLyNAZSAW572Qo4R7LO2AssKm182FHBgDw2nVlRbhEO8e35ImTEypr6C3akyiR9HyksP/DkpofmjvBk8SpypzC8fjYmuEh0JJ10hVjPsHtA8sXul4HD7BjYCh/nb9mC0UYFmluDedetJ0qX+RxyhPq/bzsD72CGwTKe0Fx0yLxMzR1L3bjy4PZ6eqQehVNnc8biB7qCwCCllIgFE/4jFFOp9+SjUEYj0K6gwylAZD61qn2qutD4P3v+r8YipEUYI4nq6ho17J3gpWvyVjcJkKrKNRUCyJgNgyHuI0KZIioUS7uvKIa2steGiEVRifTxWsnSRFZHadIhtVo4XFsUNt5UIGGiYuTYhRB0TV3g5OAOo4P0LKRX50Ij4azYYTUW5NuqTqpQxq0mDP/QEjez5NJJmuScJYekeuOmnSOdcBoE3pGO9i5A1NDJx6O/71KwsGxVTauAKzElivnjVWtDpghzUnh+daXWbGtzwF16EcipdKixQKNz8sxyc9j4DqRz+U3uH160/vuvM9UqMTdZmT7J6gMUIam1t/j9MLjYUpkiMaXV4EjuYkfhV3Rglp5U5GbTypT/A8spWe3TiSun7FkDe3YoR/nYKhbZQjjbP//mTLwswEVrpZWkNaJ8QYZflylpYPCfk+l6JiFmqc7ql4LUrkDt7F8WMN4zbnyMBd1RpaLuBYgM5HmIcnuVzPufFFDoq7xv/8kiLQwAVecL9nUdxuvv0EYi+lci0kxTZmCh+2Bn51yrB5SH73cUMk+Lsxoc/bZm6oXi7XIDYI1lhczZHIPMVpYEPTEECiFND9AxeNIxqx/6PB/CcH3i74gEm3t5+DlD4jEIWYDVL4uZeBTaEQkIZHyDI8QEIePSH0Od5w4nvVNVS1ZxtmA638+LC2JyxjbINTaVq3PGI/RGMWhPmnMBSkBT1oDF8A94+SPVGewVKfAmowjh+f8I5fSWyiUec7yoG41CL/QnMb4wPsRlWB3O7kY6Oo1+yTeqLGcBrHIzweeLrhn8WGyveb8y7AvGFMWDyKKM/jzUMHZUWON769GdMOoSkRiHyAWOs5Gp3dlVLXcYLXmbshesWC0zLiuWHyq6BRxoTTSbc7sxflkBR4PWs7KikiMaY28FcMG1E4cKFCoSAuQv9M6OIXPKu8JNDBCNbsUt8pB2yJQjDTt9sUxcsM/l+zvSPAz9f/e7F/9Fr8DRxYhGmCLE8NG3dxzZsINqXxOi3aAT94k79L15K0FIFxz7RmncEku4CPAsGpWDpgqyq8RPf+s0foP3TLj9HeSQ/DdtmMzcoSJQc+hNNHjJWwaQYK3Iast65k8VFccl7ta/ssUih7MuyiQ+2B5zHBYMIxzYN4F6fvhvTnQokjg306b60V00HILVSul2H+kcNpLSKobVQdb0tFYv1iidt4Ez95siEycpfxZudgN2LMQL3hCHssV2H/cH2o58RLMm8yAKK7Ol7iR+gpqbPFXk4vSC0pz0EFYoDwLzlK+zrzjxf6mtBfd5QgqXSFScT/w1PClAvnL3mzPLzxBfqsWjM06gORR2gvMAv7HMksGsLAAzlTozgopYqwz21YtFxzSxw8aMkolV/liJ86kdIyghQddKPKTuAcQpA77pkWZCUsKewOa5dHLn6aG33Mzc85JD8e92oe3fiLSi9ezbFtEDRqhERqAeTtjvQtMWxPfEiRaBcc2GIhpWZCYEYJHb2HFq/FZ+0E81zvTdp/ctV+NmkR+O79at5Y0j4OcPp9cuiubaiMknUWDKONAWv3bqVFb0glHBRqUHZhjUG+0Nm4teH8iTCqG55fiBUdoTMNQlDv3XtIwy4k+MUeGLizoeKeFMzBdCDqy8wFDr/vdyGfqhm5lj2HeNobE7+2q/Bx70KLcvWpGF2X5+KjpbX/DBdQe3JOCHR2ba6SCZ8lIV6KSyPx+31k1Zb6cE38bWjgJTxNfGoiAQN5ipYogZiVC0yw4KwM+YerOLuIMCXvw8agWPfScipHzdbTopBQVMiUFx5Y4CHbR8MZNrTDMGyAlESfMABxUadEDawutGOOicG6k52bzGtY7aOuEwyXa+aqSDthQFCtquvZXZw9/sQXcpo839IjmWzF</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:37:54,854 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:37:54,855 - INFO [Shibboleth-Audit.SSO:?] - 20230529T023754Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_4f6821c3021517b11a829cd1db3789c1|https://lits-apps-test.lib.cuhk.edu.hk/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a90d045412a4e7cf1ac7f1efad725114|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxU/XdxXLDC0ZPLyG22oopRGg7FCRWGoZcw9INMm0OIP9+JpDiVsTWkn8Np6yqCjb8rF1gcwfKgkNqm6iFxn804S/Or8WwuiA3AY3ZQgEU26k3ilsS5RuccrtHH0IbXeHP6iSizBofxtFxc9h5|_9c0d4cecff164e34ded8520392b082f1|
2023-05-29 02:38:42,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-261418-xrD-HhH9Nx-Jo4gEK-sMk9MGHCVqcGDq
2023-05-29 02:38:42,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:38:42,648 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:38:42,648 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_faa5d7b6c0e24a219c268822a74de443b689679"
    IsPassive="false" IssueInstant="2023-05-29T02:38:41.891Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_faa5d7b6c0e24a219c268822a74de443b689679">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>HTCcAp1wKZjQErAnkamBVVX9qrmXacn/368NsloeFdI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>iMxxyR4o2iBKMWWH9wu92XkUCokWXdfqvw5mEhcVPKYckbRGznjAmlrucgUCJDmESOwIzDRmlMOt4TVzuJFfO6CvCG2lpJSRsvjh/8kukzE48BcEKb/3YZhP5YrA9J3RBoOY/Ok7v0Hb6PgMFhrMeHwFIea5WyW8DUv6iPFHX9EqitW5z2Ik3acZBa4SlZDTS9NdnIXtG2L8uAreUQfBeZMxqJ4ONLmwCiHZbOo6//X1c9D+YEeRx5RNmywunO5ehtgbuo1z5mohm0M4ZPgEsd6f9KOU70YtbhKWSx32wlXEBeWecr3HPKaODXld6sI5GoaU5bOUgcyTvgVabWdtXg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIGxTCCBK2gAwIBAgIQe0B4acKydITAr116IhaDFTANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMjMwMTMxMjMwMDAwWhcNMjQwMTMxMjI1OTU5WjCBljELMAkGA1UEBhMCRlIxDjAMBgNV
BAcMBVBBUklTMRIwEAYDVQQKDAlUUkFWRUxET08xHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAw
NTkxMDAuBgNVBAMMJ1RSQVZFTERPTyAtIFNBTUwgU0lHTklORyBBTkQgRU5DUllQVElPTjETMBEG
A1UEBRMKQzI2MjU0MTAzNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKcgp3CNVODF
WVk79Fylw+v7oGKsSWkwvJDZumgvf26XkeTJyrtSlvShNqSEQ8az5vXez6ey8DeMaPpsK4F2DxZO
BiOSKsliDTKU5srLAnkZXE7gYbzqqDeD24zcMyP8lzugY9OsZZYo70bkSuJrgeCqy9TzvYMHOt3p
k3Cj5Vs6FR5+EpGKjxWI1sVT4diU9p3qUmOMEUo5Y99o7AQqT8H3sJKGmdJtZGvmBDht4R/+7UPJ
khR6JTmarC5GBGlZMtQ6regmRTaGR9tZ05wXZrO4TwtPvl+qg2NL0jsRPf8bZJEkcobsQ7xBdj/4
/fnmB3n6doiy60D/GBmfDwgcoRcCAwEAAaOCAiUwggIhMIHkBggrBgEFBQcBAQSB1zCB1DA4Bggr
BgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20vc2VydmljZXNjYS5kZXIwNgYI
KwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9zZXJ2aWNlc2NhLmRlcjAuBggr
BgEFBQcwAYYiaHR0cDovL3NlcnZpY2VzY2Eub2NzcC5jZXJ0aWduYS5mcjAwBggrBgEFBQcwAYYk
aHR0cDovL3NlcnZpY2VzY2Eub2NzcC5kaGlteW90aXMuY29tMB8GA1UdIwQYMBaAFKzsho9LNxy4
fxcbGdCu6E7jNFwSMAkGA1UdEwQCMAAwYQYDVR0gBFowWDAIBgZngQwBAgIwTAYLKoF6AYExAgUB
AgEwPTA7BggrBgEFBQcCARYvaHR0cHM6Ly93d3cuY2VydGlnbmEuY29tL2F1dG9yaXRlLWNlcnRp
ZmljYXRpb24wZQYDVR0fBF4wXDAtoCugKYYnaHR0cDovL2NybC5kaGlteW90aXMuY29tL3NlcnZp
Y2VzY2EuY3JsMCugKaAnhiVodHRwOi8vY3JsLmNlcnRpZ25hLmZyL3NlcnZpY2VzY2EuY3JsMBMG
A1UdJQQMMAoGCCsGAQUFBwMCMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4EFgQU6nK0K31+xwEwlp7R
5QfDyrESC9EwDQYJKoZIhvcNAQELBQADggIBAGYUca64cj73s6dpL9kdCl/l6TXyeaytKKN4Ffb5
qU4XGKh7BGNhXqp7TnUuFu76DvOj4D5Y5sv1Sam6Miu6uyMmCMt+hjg4vuERSj+Xz+asb0mepJD1
cC6t/yrew1/iTDv4qifRea83yiVrGz1vy1UX0svDtj7bOtXWrcIocZOXtgAdzbRNOb1rwaX5znTt
N/cPYYeB7r5j9wQb0QWna/Q5cyih/HJsMhcKagMURG1CSsaBnXihESJLemnzjcnP/Vywfp5Q3c+B
KgkEFkdNtqSskdR9e7YG/PdG6rUCN9Hhu2dnSBSvpg3TyA8t1+WXsY2LAesn7t9X0bt0k5rSZZM1
ZKGsItj+u1YRw+Dh8dEZpRsh9yGOqsCA05rE3/F3QYWjSZU6gbXqBcPXt5iZCrq2flKT41FroMeP
kD7+eS3ipIcjK4Qb7rnNSHqUairFSD5ve4qjqU20Tk/PzqjNK+fltsSRu6ZtOoN+FMkt+A3Yufk7
ekTTuzbsX+bi8mRE88icMeSEiyJRqWxhw0BUsbH5dQCsDqIhgo7/CXsQ3oj8narz0j8Ma0UkOZQz
aLvZMv2YA8Xt/GCWyyyCbwdKLSTTULmCOIrpwkpiiBAcv5md6c//Uo6s6BiMmD0sG6oh2SKnYFH4
QRBrwNTxk6yh/DL9p3W5TzbTmiuc7RAJXiLJ</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2023-05-29 02:38:42,659 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:38:42,659 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:38:42,659 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:38:42,660 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:38:42,660 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:38:42,660 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:38:42,660 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2023-05-29 02:38:42,660 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:38:42,660 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_faa5d7b6c0e24a219c268822a74de443b689679', issue instant '2023-05-29T02:38:41.891Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:38:42,661 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _faa5d7b6c0e24a219c268822a74de443b689679 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _faa5d7b6c0e24a219c268822a74de443b689679 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:38:42,661 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22369930965456962777956365464229513348642522997346232168756579494960232921839160861855035659931488634319872531144871061126230632628307245413595021979243298021162796817485323967323729520642838484019982422043583459948062010738622164914709867639613377292833748142293112152964032878748204294883029637581475838086809098230772052770316027052403485966861005767953228542833623261203559898877311870242866180023679569922778427571461205374691037046976908472105838884909059792855539563635818559033340161732234235499443992405690433660052891865469805202598340808784182407277136835204164356633476755720981662174335871428308052095271
  public exponent: 65537
2023-05-29 02:38:42,661 - WARN [org.apache.xml.security.signature.XMLSignature:?] - Signature verification failed.
2023-05-29 02:38:42,662 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve trusted names for PKIX validation from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:38:42,662 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:38:42,662 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Attempting to retrieve PKIX validation info from resolver for entity: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2023-05-29 02:38:42,662 - DEBUG [net.shibboleth.idp.saml.security.impl.MetadataPKIXValidationInformationResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:38:42,662 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:38:42,662 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:38:42,662 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:38:42,662 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 21097899247030592392813911214206163759183008113040778595194113432236045529162242597458400935269587690019682161372009097527855333804015397377103078431102560619580392953804699847014796219028502924539764304159736416846029991350953225538406370082509273979631811465192916275213778793152310613897807259609031779608148321824859262015496168368541452987849054561391105338671567419623301941952313559602267879230453973830255781567669770250934727351956050005144235837851905422761917631280144750207401001283846355251083449741734338773596318803052291476719303400698108785206013580459303452276495616355577020698810656104358793224471
  public exponent: 65537
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _faa5d7b6c0e24a219c268822a74de443b689679 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _faa5d7b6c0e24a219c268822a74de443b689679 and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_faa5d7b6c0e24a219c268822a74de443b689679"
2023-05-29 02:38:42,663 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:38:42,663 - ERROR [org.opensaml.security.x509.impl.BasicX509CredentialNameEvaluator:?] - Credential failed name check: [subjectName='2.5.4.5=#130a43323632353431303336,CN=TRAVELDOO - SAML SIGNING AND ENCRYPTION,OU=0002 42989496700059,O=TRAVELDOO,L=PARIS,C=FR']
2023-05-29 02:38:42,664 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature failed for context issuer 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool', message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:38:42,664 - WARN [org.opensaml.profile.action.impl.LogEvent:?] - A non-proceed event occurred while processing the request: MessageAuthenticationError
2023-05-29 02:38:42,665 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2023-05-29 02:46:57,047 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:46:57,048 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz" IsPassive="false"
            IssueInstant="2023-05-29T02:46:56.171Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>Y/ltd7ERqK0H1a4sSj5N+XFL7cM=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>Yv1l7hxHvvjBqWTfG3m+Nc+CzHoICuM8Z6T4x1neubszSGkzuc/aV9Nzv4z5u+xQMNjUrCze+sAjCNugaUW5x30LZLtbUVTz4hOwAZoNwT4+cGHiWTg7/xCBeBe0Xx5QV0TpNrcKJavBWgF6x37ZJuUBkaYEuj7Y1lB0+kh/7p7mm6MoBkqBcHwOBRxBDsCu8DGxTqKmJl+7jl6iWohLJx4UUhRSK00L2/LIwidhCuA1xqo3WCM2540dZak98fPrA/Es7RMggCiOHSZ35TNCYmEhDZ7Tl4M3Ul+WruXkuTEJfYmXGGEP78QL2/khVgHDvF5jcTl/NlBpAEE6zrCbmg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2023-05-29 02:46:57,064 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' from origin source
2023-05-29 02:46:57,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:46:57,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:46:57,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:46:57,065 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:46:57,065 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:46:57,066 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:46:57,066 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:46:57,066 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2023-05-29 02:46:57,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-05-29 02:46:57,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-05-29 02:46:57,068 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:46:57,068 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-05-29 02:46:57,068 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2023-05-29 02:46:57,068 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz', issue instant '2023-05-29T02:46:56.171Z', entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' does not require AuthnRequests to be signed
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam-pub.eu-ch2.sc.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:46:57,069 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:46:57,069 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2023-05-29 02:46:57,069 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2023-05-29 02:46:57,069 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2023-05-29 02:46:57,069 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 17690559969113010500025881010619213400345626812472181653894564860907995902724801041698697782548434756201775064962906924374900523683034565605704539780943252986983868654032436251158190135838925650681620346295846302652398954587422904063025334169212700266878558193177023254402558995079738283318960893577128640871941123136173476097876571763371091281894227854514760146092473561430437169709030588294185552900745270169513172312022952308176858824145945189838278341616426241991661428602440894114265209620282548614183886637909035647666902560652932959452165312579787914608988575485893546899011261488314858885622676781116937477643
  public exponent: 65537
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz and Element was [saml2p:AuthnRequest: null]
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
2023-05-29 02:46:57,070 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2023-05-29 02:46:57,070 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2023-05-29 02:46:57,070 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam-pub.eu-ch2.sc.otc.t-systems.com
2023-05-29 02:46:57,070 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:46:57,070 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:46:57,071 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:46:57,071 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:46:57,072 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2023-05-29 02:46:57,072 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:46:57,072 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:46:57,072 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:46:57,072 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:46:57,073 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:46:57,074 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:46:57,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:46:57,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:46:57,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:46:57,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:46:57,074 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam-pub.eu-ch2.sc.otc.t-systems.com
2023-05-29 02:46:57,074 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2023-05-29 02:46:57,074 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:46:57,074 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:46:57,074 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:46:57,087 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:46:57,088 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2023-05-29 02:46:57,088 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2023-05-29 02:46:57,089 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:46:57.089Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:46:57,089 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:46:57,089 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:46:57,089 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:46:57,096 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2023-05-29 02:46:57,097 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:46:57,097 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1229239864::identifier=rick, context=org.apache.velocity.VelocityContext@294fa750]
2023-05-29 02:46:57,108 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1229239864::identifier=rick, context=org.apache.velocity.VelocityContext@294fa750]
2023-05-29 02:46:57,116 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:46:57,116 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:46:57,117 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 142b6f5a2014ee03238ce9f2027cdb32a8f0251145cee772cffd160a2ae6d1d7 for principal rick
2023-05-29 02:46:57,118 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 142b6f5a2014ee03238ce9f2027cdb32a8f0251145cee772cffd160a2ae6d1d7
2023-05-29 02:46:57,119 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:46:57,124 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:46:57,125 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:46:57,127 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:46:57,130 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:46:57,130 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a7d89df3dd840ca1527a4ef494ca4da2
2023-05-29 02:46:57,130 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a7d89df3dd840ca1527a4ef494ca4da2 to Response _21dda65f8cd436536773b4f0566cf8db
2023-05-29 02:46:57,130 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a7d89df3dd840ca1527a4ef494ca4da2
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:46:57,132 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxBMvzdbY9+tXwTsiH2oXL7Bd2rOkJCcxeXAj/C4Dukos/Hp4geB9Iqz9wXDlAhm6cLWo5vCONA7dL8GxXfVbI/geFkAoc+ZeZ3n27ha3if8oPfHHRE2Hm/qwIKRExtljK3Ih9i6PBVaN9i4YHoPA= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-05-29 02:46:57,135 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a7d89df3dd840ca1527a4ef494ca4da2
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a7d89df3dd840ca1527a4ef494ca4da2 did not already contain Conditions, one was added
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:51:57.125Z, to Assertion _a7d89df3dd840ca1527a4ef494ca4da2
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a7d89df3dd840ca1527a4ef494ca4da2 already contained Conditions, nothing was done
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a7d89df3dd840ca1527a4ef494ca4da2 already contained Conditions, nothing was done
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam-pub.eu-ch2.sc.otc.t-systems.com as an Audience of the AudienceRestriction
2023-05-29 02:46:57,136 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a7d89df3dd840ca1527a4ef494ca4da2
2023-05-29 02:46:57,138 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _a7d89df3dd840ca1527a4ef494ca4da2 did not already contain Advice, one was added
2023-05-29 02:46:57,141 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam-pub.eu-ch2.sc.otc.t-systems.com to existing session 142b6f5a2014ee03238ce9f2027cdb32a8f0251145cee772cffd160a2ae6d1d7
2023-05-29 02:46:57,141 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam-pub.eu-ch2.sc.otc.t-systems.com in session 142b6f5a2014ee03238ce9f2027cdb32a8f0251145cee772cffd160a2ae6d1d7
2023-05-29 02:46:57,141 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:46:57,145 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam-pub.eu-ch2.sc.otc.t-systems.com and key AAdzZWNyZXQxBMvzdbY9+tXwTsiH2oXL7Bd2rOkJCcxeXAj/C4Dukos/Hp4geB9Iqz9wXDlAhm6cLWo5vCONA7dL8GxXfVbI/geFkAoc+ZeZ3n27ha3if8oPfHHRE2Hm/qwIKRExtljK3Ih9i6PBVaN9i4YHoPA=
2023-05-29 02:46:57,146 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:46:57,146 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:46:57,147 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a7d89df3dd840ca1527a4ef494ca4da2"
2023-05-29 02:46:57,147 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a7d89df3dd840ca1527a4ef494ca4da2 and Element was [saml2:Assertion: null]
2023-05-29 02:46:57,147 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a7d89df3dd840ca1527a4ef494ca4da2"
2023-05-29 02:46:57,147 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a7d89df3dd840ca1527a4ef494ca4da2 and Element was [saml2:Assertion: null]
2023-05-29 02:46:57,154 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_21dda65f8cd436536773b4f0566cf8db"
    InResponseTo="_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
    IssueInstant="2023-05-29T02:46:57.125Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a7d89df3dd840ca1527a4ef494ca4da2"
        IssueInstant="2023-05-29T02:46:57.125Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_a7d89df3dd840ca1527a4ef494ca4da2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>YNB/NTvPTSRvX58fXRSM+/BjFBrmsJaDpH3nRE1HooY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>G1DioWUrWpelhb+cIHgb4IgLpl6nnUlhhTFAOcCsTTiiu6k9ATRpHA+07AUNXVSdEt7Nn4NoZ3tfYQBxRc6kzp/GGMQuzjql7yRdIXB2LLMBnd/lovT/v0l6BWIDKNbAAuo7S/RG6EPYkChSQnwX7/zL7ZP6sUyPznU7BgO7MF57IoZs3zCkhPCQ6YBCg4T1U4MjeerYqNQxgspvwimdv5z3B2tGmFabR0/9chaGn45dLxa/SRXtb/7+4PasU3+6/S77kOyabrgwxucyPbbWVb9lX4iwP2MFTuMudLW/tIcRxYKxRBImBjJ60u1VymvrASVhifMq/LHKXF7LTIIY5w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxBMvzdbY9+tXwTsiH2oXL7Bd2rOkJCcxeXAj/C4Dukos/Hp4geB9Iqz9wXDlAhm6cLWo5vCONA7dL8GxXfVbI/geFkAoc+ZeZ3n27ha3if8oPfHHRE2Hm/qwIKRExtljK3Ih9i6PBVaN9i4YHoPA=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
                    NotOnOrAfter="2023-05-29T02:51:57.136Z" Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:46:57.125Z" NotOnOrAfter="2023-05-29T02:51:57.125Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">IQXinmdwlf/F6UQAjljGhKeL8XUxzP90MiLfEb6QwhE=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:46:57.116Z" SessionIndex="_4c6c32da9e0063e9aad0eea910fa750a">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:46:57,158 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:46:57,158 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2023-05-29 02:46:57,159 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_21dda65f8cd436536773b4f0566cf8db"
2023-05-29 02:46:57,159 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _21dda65f8cd436536773b4f0566cf8db and Element was [saml2p:Response: null]
2023-05-29 02:46:57,159 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_21dda65f8cd436536773b4f0566cf8db"
2023-05-29 02:46:57,159 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _21dda65f8cd436536773b4f0566cf8db and Element was [saml2p:Response: null]
2023-05-29 02:46:57,165 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2023-05-29 02:46:57,168 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">IQXinmdwlf/F6UQAjljGhKeL8XUxzP90MiLfEb6QwhE=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_21dda65f8cd436536773b4f0566cf8db"
            InResponseTo="_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz"
            IssueInstant="2023-05-29T02:46:57.125Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_21dda65f8cd436536773b4f0566cf8db">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>6XgIsR3+0yxTxoZZsAKD4KELWdqMa3Ur1eaOeAeZa7c=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>OwdHLbAIbvkJrGWACw691NVBS4xNFS0/QVYUXZH6dBOy0dnOCICeDj7/qRrDkEzcu+La8OJs4l+KRE+6iZsWqARKJO2i7LfgnwPoXFWnqnL00J9HR/Bi+BUEkwjYmq2Vl5qu/upLIHtqWZC4QEtIVkoNQiB0XOsiUCzbRpyyrk5Wba/58PjewXlLG5sgrzlIsBAWWf8nAoS+JqnfGp450Cmuy1rMqL3Gm5HPGR3stoVlagRa/VIkm4d2ZLao7OlvREFUFaFaBw4rpAnVx6sTxLQFPNv/XH0qGbsDzhoApKXBDzmAqP0Lnfx48yulgljuUzBNupOFT0GgzbdZFOEPsQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_5da835526471825d7d721c782ee150ec"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_0069f99114625983c9e1204c19872f98"
                            Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>OcjM8t3tEtK5a1qLHIrvadR91grZo9yFnBjHqQSasO4TkN5u78g6hBd/e8FYZFDn1Ib9Zq4Qbu5bOjDdbEjiYqAADH4DTg9KDd49TdCGP8rgtx5324wviktUq5Niyt5SQ9qBhhoVbxCZnXG5tf53myW+hSz21FCSjtydVNnRy87Yf3DzyAT9NXU6+1jpxuBIQYw/d5Q6YlM4oQ9uTvgF24rksK5kcZY3VtQm3tYLcp3DrCxgf4s5CsJDo2Eb9/vTYhd6Ob5JPSdabpIPrHyCt5rUR4dq7AkYygQlafMtAZXsNLJ+H6uTJOLGz8sB0QGQcvTQH6WAhQ9xkmPACqTmvQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ApgSiH+buSzqx6weNGJOYFLiBn5VHKYEO6dNV66+nwsPqVd68//0ZnS2bRg6vrhh830GAzHl4f7QqRwJKq/E8HHR7eTULELTFZTAg5QOnwTJKoE2eIBZCjMMZIVU9QNMkWSw2SVCPrIbWnKZI70vMNatnY1OduBdIV9n359DM8XEtidiFEDbGqYxTa3avssnfmmew7fLZZHSm0CoFwqLNcV+ImXGFaSv2QQf61jDRL567wsIFt5j6BC+l8cu7phHur6jwX8nYeDNO37u1HlOMAILRpQVRwMqdG6CoEx8BXXWHpJjb+np7h4P++HrmvP+YhjcxCLcw61nqSqx+N6qyINxCNKYfIlFYkSXrsZDQBTN+DhYX+KlyrT1ZBPu5xNHLKCGMRuTGghaoU85nMJ2ieb/Z5b8AxygyaKJ3QYlfSU7xZNFQVSvtKc7DWPpYDsndO87XS0Ly5kSrn1saet7zpecGfJTOVHDwA5rSBvbUtgp0gR9u1HrlHJiXaCwt1FjIvuG20h0OVL7l7MjjpbVrIlIeYEYelDgMXT536UdqPatJraZLwLCe/AmCTLeNICQEa0TUsaJuyFD2EiTHhzMKfYaHwNe2zCKCXYo8B99xtf6l16ruQ7gHdaN4rUYAXqdkEzq7awohGhyiBwBhGG9rDNijqYIVwki0flbJZBbuVIkL+smKVqRS/1JmdYrw8P1fhxpL+tOWwIKd6TnptHEnWqcRMEfGeOhVwA0lmabKrXhujolZJicocABXjnB8GM9+DwK4VpeNFsP2qeBz+uQAIg0iQSqZkt8yqd2vwGtzyZa2jLVsZ5FF3Jzt9zjWHrISQSVSrDduYDfJNy3JuuC3Fn0k1z8nAZBcbuQ24lTVa3to2Xi8QfN2vsbY7KsuRH+Wiv4ZsChG7derhnIEuxKv8XAjRfhySDODBuDGDGbGQJ50bjO4TmTOebmc/TMOOCM4SpRvDRpGLsdhamMjddwswQCZjri1tQ/RLn1bzNKErOuvWr3hmpOhQxRaOEosBoYFfm27FjbaC7u+u0MZLggKGROsWoR6aE4+484pwWyVdtsdbMLJM0ZkvD5iylR3zrSX6xEE/U4IffJJpiPFC7I1m5jK6ElDDSTUwkF0ovrwfT1+viS1Sh7/G4gJZbyy6Unpj8/o62Noai4bzQH+JP72uRKbOv6B9f6sE94P/4Di7nXm0hABZftH3s4Xb+HEjwCYLw3PdO4BLeRzLyxr5sK1N6EpNcJUwTLmyczJ7347Mh/ZoaPSDnCIPtiLAkU15ScCtLehNZgg5FtOdLXx6Dq+/+jRn7bkp/YxMjuQJINdSfOxhST8eeyK8Xof5x+9NdPD6mG++PMIyM6qla4OykxHKc8n7Kd25e4e0nZWcqrH3MOgC93sN2s1gfTCTI461HZiFOgnxHLTeTao+JFlcNiMfMgtafMsm96iEOaskiB8U7w/ac/QMa4PBVQCYclW7qesPJbMtcsDYmWpaO68YLN+pC9aLEg5mLD7aSPM7USOY8XQ0cDY2Y2fr5ZkaimTu9+O+O6ijzkyyIxqgJrhJVQiYuOeLsSqnJPFBrY+tpxj12SxUFiUsJTvXhaoBrvrMy//r1Bfpx9CzT2SMymO+QNCQsDS94I9PUr2F20JZP7oQTexgpC0iAZXqNmEJhKTB6FbMvN9Xj/5d2Lf6b9WI+pzSak59Kv216vbuH262YY66U0OJe8YZPUZAr/NqBE88TcXW4bM0/TIgNWU/tm8HOUB5UYPMb5dVLcm7v5/+8J14c94bHPc16pabydBeyXbjLnk99FEHs78ZZPvJ/RWFszLCrnXadUyq0EgCNmyYkSTyVai7N0SPhoKpRMJpsk8UbiTbq8uLVv4AgEgekgmvN8FdX+kkPVIz/OfEbdUucfuJ3yQ+xqVoZ0nIePOE5QjZJNPFHdHfVn2cz+tGrAmBWp1cSlKHppw6JWQst8VcgjrEyS/G3x/DbgMKCMhxQ8WlfTiq5FTzb6Ej7+r5dcOPZ0beUjuZxOFbwZzvi5HSWSnAOx0XHm4xZDWhi/rK/M2I2Icvd4vp7we0y3NKe0gRddpuoO325wGRgcicwmlJHKAh9xBzqCMdY3IfdabB+lQXiFK7ySmIWMMisisYC6dcX9FCeRlACObtJ7RStSbawGEBqrgG4WCicqYCKjiSoN+JapzQHIaAw95Gvx/FWO0LWJYioLtdg6oRfgOQMEccvgh33u+wrHK6jH3ib41hu2uSUQlmaUjD59FdIzhzLk2KyHlV3jKVLoeadWayku0r1h2AbQpSAd//C3oxSWPXWuIV0gi6F8/SVI1n9GK2dNqWfIa0XZDkzP3tZhN6M8ZEYGj2NydguLYXNL2gtSn2sscgKzWuMpaQXOOwJ4b265RhQZC9BLHr7C3Q978Hq54SWByagxeMHpdj7JvnRR/GeikbzOBsWraiHEu5dqstVg5HLm2pTV6/8ud4GqiI4vTkcKu19LP2lgIoz/3k4gWtGZFbrdpkfg75ky2xI9tUtLCd95URjY+bFmQDpHJ5kLEzOvzy9oOubLvwfGzbSRKHCEAzNYIBn7NOOZL5jXpwxLt4GleIw1VPqnpLHX4eu1/EP+eGbeiguheTlEx5KR78r3oTl1mH6viUOA2Lqbipy6IQskIrna9X+YgaqSKieu0fLpYHODeeCMJ7PtFOVYlQ37xvI5egccNimlVzDL9plQl2+tOS4Fgd+BBfY+gh+adcOimj0J9rpAPZeEHvTGN4twrQ8QMlhxZiuv7ek7L5ccVkA4nAiTp7q4fuMEaGc1swD/qhVcSyfZyahQQEb9jwsxhFXaFPj9epJiemiaHoVTW47B9BDtLuMOBhSnxaoYSQ3MNMpnfkJrO/JAqID4s2L5lZaYXkKuge8jnzv4nyfoXOn8FLu7cRm5SdJ5+Q2jYXz6bc+/Aqdau5LfYk4acn1Fn5cswSBo/+iV7vOENk+DCqWZxxdjhoHSqsk9j9+YkhYU6L/VAFPF//BM7O2GnVw/8BdrcWmftKd925H6DcssRxSFqCMYWjpSaj8FfDzE5oE8wUwcUUjgf22SWaViRdFOeA71ktaPOtaZ6ih68ofJuIufx81lwOxty+PmE359pfyZEfwIGT9H9z5rgshWccnh2ky1bBqLHDc90UUtOaGy/iljIb8zWt1LLX4CC+xi8qTxfa2+XQ2KzCR2+20vP9mMxlwrU3QDTOPZzzUeUUhjii2Uwa2cmrzOfZZDZn3Qwrb2lLuTFNXs2978X/qtADjPSzJYZwdhSpy1D75/H8hLWHs2LkiV2J4Kfc6GalWXUznTt9cYaZhWTUifL3Yrer5CqTx0rXo+mn5yYmBVwgahstoBWnhle9wLQvCyW1ds3atK6UwQHZKXZxZnfjEVsVSCsTa7KrtqjkDCpeEO/aVgQm7oZv2Kus2OhSywlkyiNlvc42FTcGthvPrjgWiSwRLZcCyxGOM0DV3/+Y8Mn8n54lDshj+/GxrrzspqYBw5vyKFDQKPZjwFvfzYAmj50WH5/SD+IDaEwr7/Rb2irX4pnFmBtUuFum+Wky6enjAG1VlkU/Vg9MkOmbNOPg3MTpyPWnxhBq/cvM8KHX0jMuscXde2DYwzwVwV9WNi7DfieJXe4SE5zowCRVZh9b7dNqKzIGvP/k+PLNyJ6E8KRN9caDOYLxMOZ1u/3Wsj9ncpoPgw60ZROz6kBYGarYMLvYPx0Rrb/xLlKNc7OyvNzwcCdYy6cA7xmGp8XbPwDNv6wbIbsMV6ksrlqmewWG6NdqLbkuXXaNv2DMzaqTbwr0j8Qa5aNZeKTaTA8Q4mmyOA1R9cy3L36Vm404WV1j0u4hPvXHsowASE95Zz6QwkSj4lwTbB9w54Z4ILzr0rbL2KLkA/jiU/zjAQ6tj3xQ+UPOMbek8U2rMW3PCeRmDadyFRq5LHdjKhl/47cb0GJM2Lj0G8gHN/+nTNbfgS5Okm+Pp2vCRPaBn24+IFGIko0K/Gu6b/691i7NmwXkK24GQgmUn8G62szjtEpamgadCJWlYkoP6LXerT0+nPYWyzseU6i3n6QV+46aECFPEWPFi1LD9ZVVvIZA6aLiVtJZlf21Vdp8H0qizXH1y0x42b0lV+v2IJ0qQ1mLTiEA0q8PWLCQtb7n3YUqkvYYpg3MhoqoWQtYFAVOWZeHrex+iQqp6P2dygm2AGrDoDYKp1P4a1S2ds6nhocZOvUOp32CTbHpzp+3EA+wUKDvrMorZj+RIS7TJ7hC74r9yQ2YAsNLGLxqnq/6FYNf4kqQkkcCKyomfeNFCWVgnWi2mDs0L7mpAUZlHfLkrN3bo07+q5EMqwp1k3EpqH6DmA+e3jcspQAq52dtzLeK343Q+4B1hD8QX9pcgg9EViLX7gwXuMly6Yr/H7UXX/BPTYC97GVeLb12hgtbpVjjM2GUnUJaiuT47kXiM6lxHM5EmQp1J0BOedl0YEj0ZnA8BGn//zwL3+FMuj7nIv/b8uFG7kCIT/eLQmq3FHueNvh/PAQaDOSzbpjGthe9Ext0u8/DEHW1Jd6FIGtOwIBkQtvSxnoeCx1v/3DJpO9jKWVYd4sVZ2KIPCku6JQZN6aulFHc6iMMB3xQHC/cm+EmuRArHAFTIJwsC3f7YYgUm4Ch2cAPn/5pTfjtYMTSkLzTRu2YutHf7BhFRPQuCoQ3oA0Umsd4z9myv7RD6DuhhaD3Hx/6MVVhLO+oZBmB9QOER4wBtBLoG0xqXOj9Tu3Dh6aX4yzB+OQiLL2MsLmDaiZ6T65MmO+Rr/QtVMe6lhRxYWihud8MieLVnZx9cp+2vzf5kyBAuMcDzhrmlovtPn/6zMS4l1HOMdjqqdKJqrvc+4AchzLdzP0jnWcX4hcejDak1xhd6ENKPf3evPPboubosfWVAVHV0MjpwGb+t+3RjL8Sx7JQpiUn3U235wn3AdeXVkchgpvXSfxl2ztYQ48LuR0zJadGGTAteNKJR4RD2Fk5YpDVU4Q1rcYPa5gfmOoM3jKYpS5WN4g1oVZMi1VeD/NgqxRpg8p6jiMVc3QYFcKDzpeT1G91tfs+OWQHbU4Hb2DNVGd6/OMDbqwvVwY41m/1IlVesKdHSH7qItuOX7x3T+XLZyti023C1S5N+br1BW4DIPlH1d6hR03mgwlMP9mGk6xNzk0qpOwLTWuVoNLUbEwwteKrfGBgFBxVR6IkmACLaGY50hggF8z58aDzYscXSV9s+XMM9z/Hg0krm6OdFvj8YQ8aHjnDQexHGH+EC6kX9J7H/7A1XdojfAyGe+1kbtL2KsIxaraDHdm73AmNVaCyD2of3YzWlllhFfM4rpfQU2z9i6c/JyOxg5gW8dOopKtMz4md9bwshfqQCK17U5fsRQpn+IdjQTrKzV9tpUaSsACODyz/9EaubGqGNyNwvWCxeMJQVTZmy5qVspxd4NJkETo8AjLxiblljk7xLiC8e/k8i3Mu/VyyoNc1ynm2oVJieilPRgxv2pwKt01oFsgd8sITtDZeNSWSkxG8YMMQI3IVHJstKjGgp6D+lreBOK4C3rKx2VUdKrKyVRVLI3OrOTCMFOhsUdDypXRVzsp2k5SOyxJhNCo4ddbQhU5pVr5JjW0fIOb/YXa6wclinXKjre97QGDa9bPvQXo9NeiNEH3Of8bXif6G1YmzYAyCpfWsjf/KNK6Vuu6adpeN9E4/kUXnSPecWGbMosO7nbLZf8SEiEib2BL+BljfDGcDSWYmC+4y/HxeuKddVwPAhwjYjjjwhK2WyWx9Ghrp80nQaqOKp69akO8WATjPBKe3iYtmRm/NvpMd3DDaMyYSQEopYR8G9kVDgSJuSxYHaCeqVfPHi532KuBSjMRE4gdBfqg68KGR5mwOPsZvAIfOghH4tBlOhcwgL9r/MtifKv8m8nuxzX49I7nyex+twlo5HqKjanas+9jimgW12w9AFLRJkjM6VAQlSwoLZMRnReAuWIh4LiXHG4jxQbnd0uD6HqKWkobzDz3YAQQ+h5st8QLcjCkWuZkkI0jUNASWQ4jABjn/Cpv56aUPxxiLj7GTq2g8otuKmv+l65mGlW1SotyX6hO8stwPeA3Bkmqz3d0es/LqvbLiKmWrsVGjfpYYNKG492UAbn9knbrbP/bjjWqqBfRSjDcd1zFNnwFt9zywAsvfKN7hARtk+BjWXmUHjkTZsHq+VV1cKya+20/u8vzCbFXjbdKE3OtdHadf5CcWuLqdHzPYnGrdF3v9Y8Nw7dZxvu4OZaLF9789wjGux4oEUuRSnlNyAKqPyT7PmJz4Oh4gO8VXQlnNviw2Jr6U1KKSjX8bV5c8l3NC7enYzZgP5JkawtP9yP0tjhd7SN091zu/Ir16vzT0QypsN3RTJ6AXkSG7kbHDRcijPOrIHBcQ0/1yftZGFuPl/MPykI9xsZgnEVwwf/jDwCe378DDDhpaQQ6HX5BBZHqUJc+zMAZq85h+F8vGmrxEYzkMF8XFwbC8e5IF7XFn+ABqWdFMSs21wu3md1OmJaMXozoIVCu3BKbU0ygsEAAluDIz2FRg4hZ1z43D5AbMyQGWTC+CkoBkHZhcnXOR6JdL1THojcaDDE04xC3qhVUkJiN1X1aboT2pdoIb2x7OyPpk49TGgUuQwKuI3mviyQNMqfEUcHFVXQxskN09vQ9NZm+b7qCTuEo+ElWT68KyPivpX+1MGpEipkxExGnjwEhBbQWVHfkiSPp8gNimG6LtYFha236N3/bR5S+O3CR9wi4FjTG9tsut51oMQrtvJPMOxo0KcjvFB/Y2vhEP3AfphBQf/hlVkhQAD+1Hn9K4pkmHflS/ZECF71TGJSIMR3+lVrFjg1Snz5q62zgFyAC7amoPLhImKfjkNtHsIIU42DrUHZ3VEFLQ5grQD+LxlUHY+MSUzZotkn5mg5v/LJW/Qy1/oUsNaqnORDjDaTo8u/JET9g0mQIQRQfCKOGQcjlRSH8j2X6GyQ5N2QIPVJyqn9HWIOspUuzOFSjHmW0ttCMD4PvNrSo6aZNtQg+VjYRbrfIF7aApG7qytJzSxdsvFWCsqgAwir1/CV6P8AwmloxLhAXoGufkmNxfiAX2fJD12Evcf2zQsHS2fgJwG5ed0Z7i560R3DxA8uR7kL74UGLjXcyghlB5j2ot6JAPZnnrV6GQ9EgsIZOmldv+ORfVX0XUjz2PacKasPXRWbnJeQI/cz8P350P4Ae5VLPQX5N1Qx68f/x5h/FRFoMD8i0LzipAUHFE2pKtb6W9aUu2X9DwNohAz4si1PeZIxvMn/X6NT13kvvl+FaWWgDWvuLHP0FS0vqGYIrcoj1G1ph4g2GjT9tQ3gTjuigvUzCTixGIoIVRFHf+UgXDw+K4nIzQHvwAjSdmYrOJTqo/piWVWjAWM3zgGbc6tNg5vPR9mRnrfd6NkP9lLqkrzABGdJKBiX/iArrnzr4HZPNkG2afAwZH5udC/GCpl3ArHdcmobx/xsScUa2DBz3+Oe+fd3QpyrIlOvAR1UgPPdEdRyBHTzrT9h0z9me/x1BgokC5STPSMlHg4DSVLl5e5vDkbQYKMhoY/SHj/luoqGbe28jn/wbSnoLKZFVApNKABxgaElwPlb9C+TsOOxCfMvZVW/9rpvqTuWK4dfsaaEVqnqO/2Day9Tws85OjAg6V6Wnc0R0i488IJZymLxvIpz43ER7gB0+ijeuOAA190iiRID5/AoIME7uuwz+9XIdKTgBCOnUnjmNXhWrI6Ug4bLV6ATmbiEIf0kdNZsX/iyLGpumqOvnWLjwDe8/Feza8piTwQ/5FiMETuHjQjEB03N7/Dz3oK9ve1HXZxMttAyvKGlcsfDh+qY5T+++H9VQG4Yax8apLwOU5Rw8q7f2xXaFs2DTcshwLU9CrcCSUrPByGvf9kjT6aJ1sy5pd7JXsy7/eX8Em9apLks7005q5AjO/X8Y53VJ4UDf1e8xMBfSMlvzqOKZlI/8PDd8bTTXhAsXrkN9uVmYPrNaUYcHwWszTD0y49ypMq9i2qbxvZuilpl68XIR6EjkmTZxznoGLjMKbu+7rf5UXx27Wdippfu+69BdTt86MSt/yuaPML7Dm/mP0lanCnpsHHLWRvyPehwXtoAuPIZGTK54lhzBTkHlx6YrrXmX9kjvBRI0HMAxt2yK1PTjlM7dEmwtRBh6ufDasha57ufR6UhlSg6RMqRi26utj4mB50Cul9AgU+9NjPoykh5C/PHxuI2UnZOUb1EVmy0Gh5AfRvJuf8Sqj1gj9/hSFclZaxqR5KLyjU7UGON1AKQexsdWHjTPIEqd1QK6jDRFPrS+p4qX+BMIUKjMLFGbBEzoon/+ZFAdf29pQ+VuyNQ2C23lAz6aVdVbfB8bp7ARtWgsHEDI0hRPQ5A9n7Hbta2TYDz1sH+x8uY1a5QTZ0hdn5WZyaRS4f0t8jCxd/Z5vvCVEmwhICRAXfl5VllfjogcqLIqrdGYBjKwM6atfLbs3k4ZL/6b8w5YwVS/R9pFLppYbHxVj+ufOJ2nhS9DkkZP2VCHh4R9KhcY57Vk5IAGoElORsfAeVSPppy1OEp6nTpg27zYfoxwiBeZqpAH7KN2kZlz88t4Ytyo1LbPg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2023-05-29 02:46:57,168 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:46:57,168 - INFO [Shibboleth-Audit.SSO:?] - 20230529T024657Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_44vzbvnuc6qmbxdi3uhidjqm497unsbzjvrz|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_21dda65f8cd436536773b4f0566cf8db|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxBMvzdbY9+tXwTsiH2oXL7Bd2rOkJCcxeXAj/C4Dukos/Hp4geB9Iqz9wXDlAhm6cLWo5vCONA7dL8GxXfVbI/geFkAoc+ZeZ3n27ha3if8oPfHHRE2Hm/qwIKRExtljK3Ih9i6PBVaN9i4YHoPA=|_a7d89df3dd840ca1527a4ef494ca4da2|
2023-05-29 02:46:58,948 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2023-05-29 02:46:58,948 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2023-05-29 02:46:58,948 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam-pub.eu-ch2.sc.otc.t-systems.com, acsURL=null, relayState=null, time=2023-05-29T02:46:58.948Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_aad81c4b-595d-4dbb-8fb0-ba39e1bfd6ac"
    IssueInstant="2023-05-29T02:46:58.948Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2023-05-29 02:46:58,948 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2023-05-29 02:46:58,949 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2023-05-29 02:46:58,949 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam-pub.eu-ch2.sc.otc.t-systems.com
2023-05-29 02:46:58,950 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:46:58,950 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2023-05-29 02:46:58,950 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2023-05-29 02:46:58,950 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_aad81c4b-595d-4dbb-8fb0-ba39e1bfd6ac', issue instant '2023-05-29T02:46:58.948Z', entityID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:58,950 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam-pub.eu-ch2.sc.otc.t-systems.com' does not require AuthnRequests to be signed
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2023-05-29 02:46:58,951 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2023-05-29 02:46:58,951 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam-pub.eu-ch2.sc.otc.t-systems.com
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:46:58,952 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2023-05-29 02:46:58,952 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2023-05-29 02:46:58,953 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2023-05-29 02:46:58,954 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2023-05-29T02:46:58.954Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2023-05-29 02:46:58,954 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2023-05-29 02:46:58,955 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2023-05-29 02:46:59,135 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,135 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:46:59,135 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:46:59,492 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2023-05-29 02:46:59,492 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2023-05-29 02:46:59,492 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2023-05-29 02:46:59,492 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1763774976::identifier=rick, context=org.apache.velocity.VelocityContext@2d600516]
2023-05-29 02:46:59,494 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1763774976::identifier=rick, context=org.apache.velocity.VelocityContext@2d600516]
2023-05-29 02:46:59,494 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2023-05-29 02:46:59,494 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2023-05-29 02:46:59,494 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4eef37730eb2cad4dbf76e1b18a18669d8bafc3a27fc16e47c624041aabdb857 for principal rick
2023-05-29 02:46:59,495 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2023-05-29 02:46:59,496 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4605d2f3'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:46:59,497 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-05-29 02:46:59,497 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T024659Z|https://iam-pub.eu-ch2.sc.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2023-05-29 02:46:59,498 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2023-05-29 02:46:59,676 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2023-05-29 02:46:59,860 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2023-05-29 02:46:59,860 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2023-05-29 02:46:59,860 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20230529T024659Z|https://iam-pub.eu-ch2.sc.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1716864419861}'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com]' as '["rick:https://iam-pub.eu-ch2.sc.otc.t-systems.com"]'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4605d2f3'
2023-05-29 02:46:59,861 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2023-05-29 02:46:59,861 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2023-05-29 02:46:59,862 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2023-05-29 02:46:59,862 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2023-05-29 02:46:59,862 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2023-05-29 02:46:59,863 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2023-05-29 02:46:59,863 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d9efdbca5113cdf432848d0c3fbc7931
2023-05-29 02:46:59,863 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d9efdbca5113cdf432848d0c3fbc7931 to Response _99b7fc8f39a5c39b69700188cb68b599
2023-05-29 02:46:59,863 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d9efdbca5113cdf432848d0c3fbc7931
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@Samltest.id of attribute role
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2023-05-29 02:46:59,864 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:46:59,865 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2023-05-29 02:46:59,865 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxH0Ip7WAXzNc9F7Q+viVrCin83vTaR17BRD8tC1Y2NvlY5Vh74BP9VL2AP1urvFngYar15VbTHCNK8lhGG+fRcYmFusw09ch9FsuS5Yw3e+jz2EVedin15fYmiajXezF8cTruu6OR3zuKERzDqrg= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d9efdbca5113cdf432848d0c3fbc7931
2023-05-29 02:46:59,865 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d9efdbca5113cdf432848d0c3fbc7931 did not already contain Conditions, one was added
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2023-05-29T02:51:59.861Z, to Assertion _d9efdbca5113cdf432848d0c3fbc7931
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d9efdbca5113cdf432848d0c3fbc7931 already contained Conditions, nothing was done
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d9efdbca5113cdf432848d0c3fbc7931 already contained Conditions, nothing was done
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam-pub.eu-ch2.sc.otc.t-systems.com as an Audience of the AudienceRestriction
2023-05-29 02:46:59,866 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d9efdbca5113cdf432848d0c3fbc7931
2023-05-29 02:46:59,867 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam-pub.eu-ch2.sc.otc.t-systems.com to existing session 4eef37730eb2cad4dbf76e1b18a18669d8bafc3a27fc16e47c624041aabdb857
2023-05-29 02:46:59,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam-pub.eu-ch2.sc.otc.t-systems.com in session 4eef37730eb2cad4dbf76e1b18a18669d8bafc3a27fc16e47c624041aabdb857
2023-05-29 02:46:59,867 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2023-05-29 02:46:59,867 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam-pub.eu-ch2.sc.otc.t-systems.com and key AAdzZWNyZXQxH0Ip7WAXzNc9F7Q+viVrCin83vTaR17BRD8tC1Y2NvlY5Vh74BP9VL2AP1urvFngYar15VbTHCNK8lhGG+fRcYmFusw09ch9FsuS5Yw3e+jz2EVedin15fYmiajXezF8cTruu6OR3zuKERzDqrg=
2023-05-29 02:46:59,867 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2023-05-29 02:46:59,867 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2023-05-29 02:46:59,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9efdbca5113cdf432848d0c3fbc7931"
2023-05-29 02:46:59,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9efdbca5113cdf432848d0c3fbc7931 and Element was [saml2:Assertion: null]
2023-05-29 02:46:59,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9efdbca5113cdf432848d0c3fbc7931"
2023-05-29 02:46:59,868 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9efdbca5113cdf432848d0c3fbc7931 and Element was [saml2:Assertion: null]
2023-05-29 02:46:59,873 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_99b7fc8f39a5c39b69700188cb68b599"
    IssueInstant="2023-05-29T02:46:59.861Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d9efdbca5113cdf432848d0c3fbc7931"
        IssueInstant="2023-05-29T02:46:59.861Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d9efdbca5113cdf432848d0c3fbc7931">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>j7ykX5b0nVk9lWZ7qqx6QTJQZmd/ZE8vp+Q5vG7uRJw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>OOVvmGTDCx5jmAC2lA7Qba9IYjUAeRxYYZjrZdzU+x+pUYE8KAZdKnhzkilXbd8B1Ip54xOPn+y7SwFOwSP+P13lhTvvturBHHXe2+r0CFzvHGxyGF28bkJ6MgPvoUj3OaMgZuY4ID8Lb0jFBQoCaG78ZSL0Sm9UnVzxKwUPMwDW87am5ElzGYKWF2d+Wv7C81kQaTj48g4CjDcBB+r9Zhs8xOWkJT9BiISvaiS+JdSgT2Owk88Wp8/JSqKs4iT2IACmrboG5rahhblNj8Y5q316hnqhMkr3ySUKZwuTNIz158jUGMMl2wmqsOXkyZGA2M/C6gYGd+3CfrVepffH+Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxH0Ip7WAXzNc9F7Q+viVrCin83vTaR17BRD8tC1Y2NvlY5Vh74BP9VL2AP1urvFngYar15VbTHCNK8lhGG+fRcYmFusw09ch9FsuS5Yw3e+jz2EVedin15fYmiajXezF8cTruu6OR3zuKERzDqrg=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2023-05-29T02:51:59.865Z" Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2023-05-29T02:46:59.861Z" NotOnOrAfter="2023-05-29T02:51:59.861Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam-pub.eu-ch2.sc.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2023-05-29T02:46:59.494Z" SessionIndex="_1f7254e5e552b4ddc0024a5bb26537ea">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@Samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2023-05-29 02:46:59,876 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:46:59,876 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2023-05-29 02:46:59,876 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_99b7fc8f39a5c39b69700188cb68b599"
2023-05-29 02:46:59,876 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _99b7fc8f39a5c39b69700188cb68b599 and Element was [saml2p:Response: null]
2023-05-29 02:46:59,876 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_99b7fc8f39a5c39b69700188cb68b599"
2023-05-29 02:46:59,876 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _99b7fc8f39a5c39b69700188cb68b599 and Element was [saml2p:Response: null]
2023-05-29 02:46:59,879 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2023-05-29 02:46:59,879 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam-pub.eu-ch2.sc.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2023-05-29 02:46:59,879 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2023-05-29 02:46:59,882 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam-pub.eu-ch2.sc.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_99b7fc8f39a5c39b69700188cb68b599"
    IssueInstant="2023-05-29T02:46:59.861Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_99b7fc8f39a5c39b69700188cb68b599">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>3fXdkaZfkWLnLIeeCFo3HWNm7b972fx9OFT+xi/aeAY=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>eqIbMxpE+LoLTUtyjsej4JGsx4Xxsdh8I4tvo6kE9gpDC3Pk4RfxNI3SV3EATtjIXwSpmfwVx3+tnpnNwKpy6+UAVH0n8c+w4YN/Kc3dhyWXX8pRUvmnLWYbEnX0rxWYSd3Uz6PogrRWHDgCk6EmPIsaQBS8id1ibIniANQq8h/QRM9KGsHIgpNErDi8hvfUap23e0iyUjPWt7XHn3C96nm6Skwpm/Py1CSpZ8k0TG43xtmNX3ePVTPYBxYJ12kVK+S6XnO5CHnkUY8NOOHnbO5gzC14WKcOAh2uUFzFvlQTZXajYSLyLnIElIFH5dlSdsIDhRiG86yqISbF0Sqnng==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_2928c2f380303aa74adbfbc8e040860e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_7441899853cd73b7c5b80eeb0d372734"
                    Recipient="https://iam-pub.eu-ch2.sc.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICvTCCAaWgAwIBAgIENRO66DANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTIx
MDcyMDA3Mjg1NFoXDTIyMDcyMDA3Mjg1NFowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAIwi3+F8j9cdYIfDTYXK6pZIamYUtPWxJTDUVtcuP9nPUzZVKvH+
5cznJD7A+PmcMH1yatiHa0lz9hBXoTjO6c4sOBqWsqhgkKlBnfzRyMTQoBoBzKe9N512GR/1FZYM
xYKH8Jqj803fcaTTRlNe+9Ya3JsQfL1HjvWuQFluH7eFZASlUQgw1H2qmqdhX3FXWKQ4LrmaHvNs
uTKkumhC/NgPyAXIT21q0ffWGLlpNVA3W8grbqCEzb0WW3PH+zChlQSBHkXDOqOv2G+tfzhB1p+V
EHk0Rump98GvFPSRiNFi98mZ0uOrEjebqGY65Rl/epVWHKgY3E+PNVGGcI/YHgsCAwEAAaMhMB8w
HQYDVR0OBBYEFBpny1KrdSXSYk5ikY1nHtGCEPwkMA0GCSqGSIb3DQEBCwUAA4IBAQB53ApEqZe+
T1Ox0MPVYRhXvxPorQ5Gkdl9izu29wI1kAKTb6eKbxl7dsiGbtdSi1FLssLPFnGJRv55ZhkJIkqp
7Ef2EYwpFGMo7zva8MDUr1sPt0t622SRE/GQC5WwwQt4sK5jFFSYqxQdxAHvghTZO3u33hRsztyI
Br5KDeiCGeLvo7yKECnhkysz6ZoXPYVZabjrONoH7Q7BwhyXwNbbE9yE+klVjiK1h6hQoqjMZcYS
Y3SZv3eiQPoBE3nswxy7XS+YDUskfwKFuLBU/fmB8UdSOs9KGZpQhXT2pY+/akInFDuBKTqvCxhI
OT14E4KIL/LjgDiyKylEW9E6Rbcw</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>H/2u4g0VYdjXsV4MsXJTIjrLOyRi+5W0nD2lPyDePBCsad342f3LvVgKcNj5HM2ASpxiFzAedwPbru3Vw2D9l5nOb3dasNKigovLkMYwpHRAo4XqLWsc1n5raXniIjMtw1x1e1Mr09ff6N0eXQejwJPt7pSxlT0oyF0ch2SYLLFernHJgm+Ro8tka7pYiCD6lxaOwS3R1dStdSlkz2mPV14IkZro9f6MKDWcmsTLxwK5x2FHlN/Xc0N6usqQuzVgI8Rio1c5xE1+vGo89u2/VIabaXZ3vZ3fwRcswvcTrd/6+qLQFujE1KYVrpBXHCK1ZS/w+eoFI44fLS6wPk3qAg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>mQromUuAVVXqVoMtdnrvHCePTxbQ0K3ImaKkuQdDhkgtAyPHx/7yND5dk/r4shMBr7fsXNUiPRB1JwxGOfrEfMa9G3szNeWkTxXwFgBBJlqkfuiXvaXuelJWyKMnS2eTYCRrWZVvx64IY7/YECGtes1Yn55zGw1ZblBJyBEXp04+Cmtmh5gyDbcvDkh1KveAWpJ2JoTk/o5LgdJjxGi3v39dypmLsuQU7afD5+w/0HvjKO8qzwwv5yv+hqZ1ErJvYgqtdzANPCQTjtR73VFkqn9buRomx6rIqNCF4E2ll41lqwQs+yeKO8x2uKe7Ygjt3Vr+4i15YMnTIHRs4UL7Y4oYBaP/ptNwu/v5Z8SulXj/yqktdE6N1SnJ+yNzN6ZQBwCrXmuxHA50JuSQ/+VuiMugroniPoR/o7SsDm5caj3Nvz9dNV8z0RiYOzhP7hK8E43t4n9pn3K1Ja4RWBsqSgEk4nVRRBaLQBJC4C9z/HoEfTsq+JIntOijZvvwmQg61R6Kz1ncSwEoX7hioCWSglt2GQ2mC+ymm1gBx4/c5bKC1cLr00Fyd5QZ+uTNRgDdJ4HgNC0H+nM7FQKT2eLlSoOhBzrQE+4CUSxhcxg9dfQj82C64V1RgNaCOvJABfxggFSfrB8iVDzhxZ/h4U1iEQ9K3KFzr2xInYMb9z2SsoWaZEEV0t3QBfdDRTUTwmKSv+zhj+DgxxQCXmx1+GavOBsP14gfhjl52LN5/apL8R+2iP1KUEvGOirP7YpD0JAzbHYvcCZ/ky+oU5sXg5bZsXEodbVQjr65NqDVqWnVygnrxA1oq1CFjGmTS4rBo9sWzKjUgrhwa99Ffn1OkowpU/pktsdQgQaOhh8kWu9II5Grm8Xq+vhNmQM7Uod28SNCzu/p+kyzsdyVhjY+iMAHl1nZX4EC4p741RWy/pQjlLpoqt9ACMOqHaLOyKFdc3+BEVgVqxV7fI14V1ujJH7jo9oZOfzd/U1Z9vMuwKxBBB7TTGJh3YKEAsP+kkGyB6xfPDySnaGbB76//32hjBK1rNjolmUfXbfCn3d3rQW5ApkaSuUgh/Cwc6rDW5wuHaFdMrC3NZCyGzaViqzwbwqgtJVMvo3KJQK6nLG13WTCP+Xg9f8MxYbaN4BjfvBPTRvwXraImvaeAXNLiq0z3CVYnHaMDU4eVLTW19wNPvW0Cu3zVzhAHQY2E0r6RiK8xw9BYS7Y5dgVTBa0yhmdSjI1VWH1cfqUrZLx/B/BJu25hg0b9B6VTnSfjQt/jjSPCDMZkcxLnfIXN5ajzcTNamnARazsBM9j9hFCUjLt984jLNMvkF60SnQmcohuV7tygXccaaYYDedslIPCNSu5zbQYBl37lXGi/amjAmBHswxbL8f9hOmM+6B9TVbXR5MPV6D7HbfdB6SJIIWTLS7bs8c0zN6E56u+TyeWKJ+LwHwUpuWNyUj+ENaSdCxf9Ni4YsORFmNLmUHjAdtShq5bvOHjGlm/8mKsHmA2J6B4D4TevUuO2g6oPXA0kVK13uDJ9vw/XuY+ZPRgdHK0wk5DrEKlpOdgUungKaRpu4FDu98P4CR8Q27tuksvI9fXlUu8IyzrUj+BCMkQghc1g6uHi6zqJqC+RbHtwTAprwppyhQKdF46C8fdPkL2wRyMCC1HS4Czyd+WEYy05d9WLEpnrDqOUUZOVqQOx2m74von9rGzTF7LC4AVln0A5VhRQLiTd9XYiuQHPZRFmzu5lQEBYJbtm3Q3mTvFc1qp7b5j3OhqP+In8spRmY495eTT9MSFDPmbhe0mlXplsU0gqZ0pl1iTMGh7k9F4hslDOyJ2+iq63WizXJczKs9AjNkFgotOs5AwJyCsAwQymGLXrQ5t0zFmEHRJoFBrxxby6PENbesGZP/Chy9sfSR0+rx+4e9S4Ed+Q09UFBx2shomge3JLpVdJJqqPxmWd5PoU6thdZUHgZcOBAxo8UZcMeSzvjKvTd/kCzA5MZeQ6SPr1bw/RZZ7bGLsJ0BUQ2n+nIizho/eWzU08bwcMEslVZ1W3tTmIgc4vD1j2gia0KWwu/YJ28DCPG70F7A6/nMWfOMQvVg0BZ8qoRe/XXK6/gALqgWGmf9CyhjJiM0OH2uBRP8AnODzNp1X9aQH1uoSXJKxMEDmwllivoHlNgLsG1KICRrTL8vStKE1IuE5cCMNHv0ZmwKF0n2/dLqGgrTayRGrhU6vh98Ptu4ZAwwvKhK3ECHYwyfJS06tS+XpOyXzHdDh7fLqXdpkIP5oAzk+0/jPwSOfi9KqGdfxKypupZ3vaBVchoVXoB5T7wYw5zzMUG7LNKicLqzCt368imc/mGQlHufL5/fh6Of+B8B/bz9y59QQJt5cO1WfLcVEkgXFri1EgKg8e+ZUyBXsaDa/MxPfN/DiWB+IFB/2AifEcv654SZzYp7Qead0fwsKcA+i9dgVA+bJaFMajLcmq29kARewKrOyLF2MsAcIHp0jb6CcXC3tSUk5SsyAINYed7n3RGEuNTyeCufxv1L+IoMD/56+yqMqz4JtlTjUU5W3v9PDCws8YoJEVjy9KNptQ1QdfLo/vURmIjt455Xgng4SBxUMMs+jKCYXz43o7aNJBRcMENiyYrWdXFDDDyAGlzJm91tOFBsIzm+RhdRF/v0/FPnDVg2YmjmkWC3pHGlLisb2LceHDix3gylzdNb3TtpM7DWru07zChxNzsWQ6eAAPHadqCHR5m7TcdfqPdCK//yAa35Td49LvKcCql5uMa0QZTpmObYI0A2ByAydAwhe4ypc7Dq1Y+2+6mOzAAln9ncB1PYS6ofCyyGk52FEnYgrcFv7Z+Fyqeu+7HmVpupEB1R2N5YKFvNXG1VYmXc5GxMTFI3uXn8X6W2qtur+WTDym6Zp4JDF3xkdWa8zBKCsBpNiaUJtoO23HQutONgJK1M/CvT6rrJS4XKmbXwhoSv4GHS7CkjfGKHUeKv8WJq0RVvBhMqTBrxfZHeEwjsAhtZz27hXfreo1Zn5G/w/axnTr3KT+gkW6su1y51SDfrYP3hceCFhkrc0QYPnq2U3yftpTeNwt/IyhRIrqkcCvzMfWgyBQtZnLs6mJkaN0cK7vkou9xKHSqiFPKD7kaLIeRw1T+iyRdUthmQh+zFWlrdB+8FJ4awOdMd0DnJipxyhcO4oSiOpgBzeF2gnt5LZMZvmPGJSa4BfwBOUcNP9USvxXqTEba9reI6WWnbWoT8C+7dK7ejXYgj0HA2X1lPSmn6sCURVJXmskM8m5N/KKOfEiEf5jndPvD1rCnl9raP0j0rxccGXILrl6cef0efGLQ4Otakf7V7wBUzuyKdBVBfJlHjpeD5IfnCHYXccY0ze6wDkyQI/7kNboJ3syRQ8zSM3zq12ot2Io0T+c9CfI6/zCp5PiIS1p97GKD5Ydu1RSDFWkhUAmvX0jiiU/6axEzqIntixF6moFwbUfmOByPzzId7OZt7OZvaU3Ez1kr+OhDA0Ssu6IGDGl4zouw3TziM1piejb0p1S8Cg5WhHDlnlpWAmqZ0KsykRh/vkRs8ltScieB2MojHgQEy8rIPXN9SiB2kFzYcnxJehClCUHc0qhHkTKdncbFzEzrNvGXmeZLF+0P24mOfJJlr7Kr98JTQNXNxL6vMLknTJfMfn6422v1hKrocKjFy7xbVABm3NTwPTi3UaKld2Z8U1Thz/LuZYcT9tE2jHVHTjCa9CYUmiloLPF+CA+ZA9yGZvP6kYYtlLwU/EpnfLI9mB5OpiiRP0PqX3Yqai7UOpUYqWqURBipeFCV8ISWKueZgkbqXE3mBTAR2mnf9YmUJxgYJNpR6OXYZYetPFT2vOx4xtmHahZa1+HFrkrkgQHWWeOJuAcl7i7EDconL7qy53QA5KPVzfZJsmztJww0hYuwOBYoJW+SaNNzi1PZ8dr7/qPvgxFKN3+9w+1WR+ly3RgkDintEcir/CtyssrCHVXIQ9ny1/zolG2BsHGCQhJPHSdSH8hQgt2F2ni3VODgS8HyWMQ32Kz/Z5VzPyWsqpvYirTxN6RAEKqKu3kt8mF0z62afyPKBoKBQs43vp7I12gEwDQfgy1NvYlFGn0XYSAzB/6OQoQGbAQig/tU/Zth2p47LJEFQVY8eF/nKiknizhKpi02AI5k3Od/RQZ5zAvg2JndGL4echXWABKcB7S/3IgMfDf/Fn5ADVRikQTlDyeboBblBHjRIuW86jdvlz82WlSPGotLaXqC9TijP7QxxcfCmFBKdc131/tk4vGm/PWvuxhaz4URPdYZTxlbmlg/AYKRHQaZkFF6BtXsH+MVenblKlAPTdEpTe4BY5+yaYjiUJ67XSy/5D7kxvJkSlmzCCbD3kNH968rye6PiiXc1rZZc75VOzKPUvwIpzVqHBqdUWrerpBLXyI3egzqBWDB11IAbXxhxWxVau5zkPKcHQdKcCyW9l/0ONPh5VCY+W4KNRytqEEVj7k69HayZLzHu3MJ+tTqfmnC4xrmfpljijdbXo0KhIm1GGPej+wXpC2XkfD7KM8p0UGz6iDDJgcPSQVgS39pVtajZLgeShGuzfMFxvdyNr+tL2rgmPfg9BewA2r9s0uL9JLRDSfl+H52GjMa/SgE6mur45ecthUHjNg/FL0JxfdlwpKXE7uCKFhac4Aj643LQPlgLI2xNz8Il3SwtlAVfcgv+cv1dPstAGJNQa3M8LCgd6nB3Vrzd64tJLULS5ygvhYkad+xla6Y7wNuQYgQdyJYg/Doyo06dW7VLQOduldFgYjd07kwkUK+BSdV89bH941zyRGO3OH/n8PDFkae1UbzP0tzvP+nYWdEKeCVOdax8tOKnSzlFSLFHHAJsCU+28aaI2JnGgn9ahqWxKgDb04epeyL3RpnfmF2Sox3ySb5shG3xUcLKYLw8g0SefaAQR5lCenjRdd6TT8OxTqqLe9Ttj3z4p+X93gOrUQ75zRBoJ1I/Ws3BDJQsAP9obfdQnisbXjrwzViJRieMZy+dzRk6hUCFh38fH+hu0AcYzpaQKQuXNMdZa0MIP8X8HfgPFpdjtDyOingJitu1MRNYyIpVXh4Hrvew2DD9/Uw2Q6z2bk6oPKfMOFjv0gtbUMeVhrbwSSUbwViM3F2G7T1O/fcIGxsLGtbB1hdSa8pNm70P0onB7+T1RGNoTkQDoNkByji8h6GuGzRSGxZqqcwptyEZszqxr1JnzEGeV49uHHXVaVlxzfoWXlzzHgIkJfscrBDvdAoUdVQptEOHppV+3w/Cj+PqRfyxfo+LjLBC05kAGHocyXKNU/aJyXKrsOmfu8y9Ma92AuN9+5svN/3yREGbDLZDQHkrVpzL5da5spHikxCsVVnALmeHuo1GSSXlV71MoWa7YaFiPsfsTaJ8mIfU25ynqjGc3xPDkoK/hQErqVq1HXdJHAvLVD6VoJbbtcThLJY1+aMiWoicHJn0BRDWRjbDvbT/gjjJk895xe6W5u+PyYb8J2t+HFNCpqN38y1uTVLhud6VwcWQQbpNVjUPp0rQKj4P5rZMbX9ue8PvQ/ncACW83InP4ij0otRG/PblW+q/H9o1QcWL0GFvQEzXs4HF8JYDrDhUGDI8AGtguVkrJ9L0G7Ro+OKOqru+XsmGGkeqeEt0qgtBolj29LqXnq5qmettaLWZ5GPGNZQVXIktLoZavJx9k+LQ2mwIwKvZr5TAFekTxYhfgllT9oa7vMvDLJW+sQHmmW3gn13Dd1WdwrCb8io2W6jMwCFcHWAzHrUaCpwJjp5FMOzVZXIb38PgDShL0U1QIjiLirGYxfmvOM8XgH5xLGbrQTUDHHrjvc6fOZO3VOeMNoPfTJUKm8awy0sQ9lJprtpe64FecWy2OCRUo+AIArIbEHST5+P6rUnJmQNZcsLKbbGdF8PdGGPogEKWm6SWlNMQQmP+ZYtADE7Hm4zauRUOX0u0qGJaLDjsmvpNU9cUkwXIehsRjJ8ck7rsVMsM8Kp/bJiF5IeQ37OiLvWxU6wZtNeeDbOPtRBiP1xjBy+wdt5BxWjiicvCtdNptlxEEhZRIaAGQ+BEMvnn8qGB4pF8QOB9TBKNIulccqVaKomkVoqAGNC62eYI9I7Cik8fOQXrctN5K///8slN8dQBMtQUCNYb8hq4NPhCLvSyqQGzxsYo6RSxQKYcR7nQYV8xh4/lOE9MLn0dU07bmCWvop6IMwtFa+IyGt09O6AWpQsDCzEKBuI2m00P7VGHK3xoNOuVwXdPMjR+yxmqxeoNMTsCXLsq6HU1rfzgLyDzxnWHl410H33y+yrT2BcxwKCC335u0I2rBI3mkqYqSA++ImZ8Xt1wC/+mBYHHk6s4rlHM21R/0Kw0hdCHazBGjeg3OhetsfmC7RQ0e6RFfMcThKFThxKbZ+n3g0NdOMUQzNMpdGQq7+ELYqQyO9D+oDPx0Amg5DFHIqvgI7Gz1lF+wAGxLUQTEWYZeMuzI0hpGFUwdqyb6Lgyn1MkpveYqJjCd7CuHSNYIjF8DzLs9lNm0KDGFDuRE0yp7KfQXC4Knt3ycfn9rxEFHguUa/UZbCTgpqmLI0eCUMiRjaWhyNnP97scrDWB+IGsHtIsJETbo/ovmHgcKPXoVnOaW5JzIdKqrElzRr7w849hNUV57Vwu9wIj0zlNxa/VVZPjOhcR9eO7VCnN41v+g/UXQqkusaOcWhKoTMJ8zPK7o/zCnifbgSIb030K1cSRf3kFTJVyhfiAGHum201ttEZIq/toLEzOzfMlwOfueyh0rPsktemR30zIw3XiNfJ3upXyvsRW+IQh01JrXfdW0HoWGipGx/s4YP29dTEqW80t6PSguGQOjQZoZXa9b+2SKVXqn+w8TAm9zvrquhpmf/px9sfgw3VFwnPrm4oonOKQCRK/T+lSHDG1Sw+HHthxgdyTbJ+xozMf91wuNHv6Ye5wLk72j2HNW1hLwAoJQjTETHsqmU1k5uZu98ljPk93jKQPF70YZwj5tT9Q1qk5pvU6AliHLNFngIwavRfSnBrZUkahBF4Tu4ENJ3eo2Nad6dvaP3IIiK3BrlRtEnCxZgqyu+hj18PGlZuwWJKV8Ts8DyvHGD5DQ+V9NyUPiWuftSAp3gi2MDmzf2vSH/xZETEjllC6OfiumcRBTdae3v9x2FR/rtYo5oTEd2qPQJrDKG1EQIakWPQ4m8eCOsePbhOBxCphl5BPu0J4N8OmrcUv3AP6w5CwvmyY8ukC6sHjgYXmpmiDWYz4xel1x+C3FsR8gr+Sd9MjGKBJzZt9oBIFP/kJxw4NrGCgkPqPET3XzIDx2SLAlyKoRE1qzyn8QL1ObeygS5Phzsu6btxUBVTFfPQ0GKc82DF56mxnnkFy2abuH38NEhGbzxyV3UwbtbMAPVvEJH9BYONGYOMRxb5XvHG48kYUHbLPsQLBu0je6XHmLTH6xVLNQX4EKlcLoXOqxIT1pbyD+sQmjK9Qns4KVOaZTBZw8KkEzyzaURap6RlOBfqRQhHZ/rByJy5+31CO+JuGlVWbvv6NMoNXj+KPs+XoEmRBcRYhnbFqcHpgHB8HU3aQi6DNmXYmAOJwS92qwgDdOokF4g2TmTq4dtlcoqsbMZb/YQ7lJtNh5gYKtJY6LM6o4bouUC07ol8EaMc6Mn331EkBpGKoJ7kMn6qAitI9WWt+b7kTJsq0kTnZfCYpiZQq+MAnFGdo1iuWYmVbSiCGUsPa0hf1/Hx/Fs4tpgo1eekny3eOIwwEjzX3HRstqqFFbWWYIKtIE+V88XhDckQo8eZZw+ZT2TczmGYy5UPiboMRyG8p1pGuywfm8ySf9NPyW7ta5VXn4qqSxiQutWXI3hU94FKjiczLWrCe2WymYqiMT1kdjonO8BJx/GgY8qZWk5W2dMEifcSevYF1QR887VxR5oWCg8RLfwId2H5bhedp0N3DsGfB+r52g1/DERfTDSVIoIBByXjHK6O4mr6YFTbB4/YpGLZiiskiiNUhPNhPt/7ICl4lDzcMi6GMbbCU9XVxwZEvaDr2h2De0YLCOIWLdcFUIH2FzhEr6EVxtw0t2XFDbnGJILlGHyyBZrheuumDNYezSvQqZJ2B6cd1OjspPMUE64J2yFOix8Lbpt/XA7O9Ri7nrdgTAPG2JuM3H51jxpMSnZ5LqIUxtNPgvxR9YVvhYFWSEcsx9kkcZsanOv+EGUzs7Wgip2V5dN7j7Mrt3Hd67g7S+quVrOSaWIaTkh/VyRkRw7FifoEiCWpq6eJr4WNpjkcTrdTvaKANCjzv5is9DgODYBQ3LFsipDlofFIy1lDjmduDb4lAMCmAmZANCfQ8GU2xD</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2023-05-29 02:46:59,882 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2023-05-29 02:46:59,882 - INFO [Shibboleth-Audit.SSO:?] - 20230529T024659Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_aad81c4b-595d-4dbb-8fb0-ba39e1bfd6ac|https://iam-pub.eu-ch2.sc.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_99b7fc8f39a5c39b69700188cb68b599|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxH0Ip7WAXzNc9F7Q+viVrCin83vTaR17BRD8tC1Y2NvlY5Vh74BP9VL2AP1urvFngYar15VbTHCNK8lhGG+fRcYmFusw09ch9FsuS5Yw3e+jz2EVedin15fYmiajXezF8cTruu6OR3zuKERzDqrg=|_d9efdbca5113cdf432848d0c3fbc7931|
2023-05-29 02:48:43,860 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-262238-BRDSpI1xwsYvUmXvEsLJFBAPhZ9yasSN
2023-05-29 02:48:43,860 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2023-05-29 02:48:43,861 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2023-05-29 02:48:43,861 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_22b8077f56114adf83de8a79accae4891a3983c"
    IsPassive="false" IssueInstant="2023-05-29T02:48:42.133Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_22b8077f56114adf83de8a79accae4891a3983c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>vIYNTAxfdfVXhi/LjGjdj19FGmNPl84+dXa4Ssux2jM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo