2021-04-17 02:02:51,041 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://confex.app.swapcard.com
2021-04-17 02:02:51,041 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:02:51,050 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:02:51,050 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://confex.app.swapcard.com/auth/sso/saml/sp/6011182877a3c86f4b6ebc99/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_74ea55d4-9db4-4ed4-895a-eb1816e11a02"
    IssueInstant="2021-04-17T02:02:50.290Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>confex.sp.swapcard.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
</samlp:AuthnRequest>

2021-04-17 02:02:51,059 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'confex.sp.swapcard.com' from origin source
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:02:51,059 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:02:51,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer confex.sp.swapcard.com
2021-04-17 02:02:51,060 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_74ea55d4-9db4-4ed4-895a-eb1816e11a02', issue instant '2021-04-17T02:02:50.290Z', entityID 'confex.sp.swapcard.com'
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'confex.sp.swapcard.com' does not require AuthnRequests to be signed
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:02:51,061 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:02:51,062 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://confex.app.swapcard.com/auth/sso/saml/sp/6011182877a3c86f4b6ebc99/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:02:51,062 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:02:51,062 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:02:51,063 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:02:51,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:02:51,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:02:51,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:02:51,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:02:51,063 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: confex.sp.swapcard.com
2021-04-17 02:02:51,063 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:02:51,063 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:02:51,063 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:02:51,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:02:51,068 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:02:51,069 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:02:51.069Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:02:51,069 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:02:51,069 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:02:51,069 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:02:51,070 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:02:51,235 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'confex.sp.swapcard.com'
2021-04-17 02:02:51,236 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:02:51,236 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:05:24,095 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:24,095 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o" IsPassive="false"
            IssueInstant="2021-04-17T02:05:23.445Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>PTIQ8c4y3VDnsa3XMOBxEUIYfl4=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>NfhrqfBWC629VoKnVkfinDLIr9GZU6xgPbHabY20uBrz6FYuQJvesdiP6LD16TpURx6EZH1ihl0sg7aCFkqQ253a0OuiQdim5jjw3QIM/l7ChSp6HyHIEYs99y3WZuCiFe88qw92Hxf1et03/zKREPMkCHHu+dlCYUWT3DL2gy8=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:05:24,102 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com' from origin source
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:05:24,102 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:05:24,102 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:24,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:05:24,103 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o', issue instant '2021-04-17T02:05:23.445Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:05:24,103 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
2021-04-17 02:05:24,104 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:05:24,104 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:05:24,105 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:05:24,105 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:05:24,105 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:05:24,105 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:05:24,105 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:05:24,105 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:24,106 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:24,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:05:24,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:05:24,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:05:24,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:05:24,106 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:24,106 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:05:24,106 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:24,106 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:24,106 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:05:24,110 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:05:24,110 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:05:24,110 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:05:24.111Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:05:24,111 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:05:24,112 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:05:24,112 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:05:24,112 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@228146286::identifier=rick, context=org.apache.velocity.VelocityContext@8963e5f]
2021-04-17 02:05:24,113 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@228146286::identifier=rick, context=org.apache.velocity.VelocityContext@8963e5f]
2021-04-17 02:05:24,113 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:05:24,113 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:05:24,114 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:05:24,114 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:05:24,118 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:05:24,118 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:05:24,118 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:05:24,118 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 2fc993aea14aab4f191a327e83448a2dbf7c85bcc3c2efdbb334358361a0c145 for principal rick
2021-04-17 02:05:24,118 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 2fc993aea14aab4f191a327e83448a2dbf7c85bcc3c2efdbb334358361a0c145
2021-04-17 02:05:24,119 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:05:24,121 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:05:24,122 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:05:24,123 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:05:24,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _ddd276c69d47aba715721981ac9f6e5c
2021-04-17 02:05:24,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _ddd276c69d47aba715721981ac9f6e5c to Response _9bb4fe69dfa6cd45169c1200c057c0ab
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _ddd276c69d47aba715721981ac9f6e5c
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:05:24,124 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:05:24,125 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:05:24,125 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,125 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,125 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,125 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxps/3RuybisNAKPRa1sRIALJGT+jjEQe7HSoubH8puA6nCLH2MXpH0h0+KkrKa5YYPKLvS25QBRQQgtQAHXQHB/3QArB4kKhhkedrTAYejF26+dn3Za8PCX2i65T4qVN6A2CMIfXU0gCW6eLt with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _ddd276c69d47aba715721981ac9f6e5c
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _ddd276c69d47aba715721981ac9f6e5c did not already contain Conditions, one was added
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:10:24.122Z, to Assertion _ddd276c69d47aba715721981ac9f6e5c
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _ddd276c69d47aba715721981ac9f6e5c already contained Conditions, nothing was done
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _ddd276c69d47aba715721981ac9f6e5c already contained Conditions, nothing was done
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:05:24,126 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _ddd276c69d47aba715721981ac9f6e5c
2021-04-17 02:05:24,127 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _ddd276c69d47aba715721981ac9f6e5c did not already contain Advice, one was added
2021-04-17 02:05:24,127 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 2fc993aea14aab4f191a327e83448a2dbf7c85bcc3c2efdbb334358361a0c145
2021-04-17 02:05:24,127 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 2fc993aea14aab4f191a327e83448a2dbf7c85bcc3c2efdbb334358361a0c145
2021-04-17 02:05:24,127 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:05:24,128 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxps/3RuybisNAKPRa1sRIALJGT+jjEQe7HSoubH8puA6nCLH2MXpH0h0+KkrKa5YYPKLvS25QBRQQgtQAHXQHB/3QArB4kKhhkedrTAYejF26+dn3Za8PCX2i65T4qVN6A2CMIfXU0gCW6eLt
2021-04-17 02:05:24,128 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:05:24,128 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:05:24,129 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ddd276c69d47aba715721981ac9f6e5c"
2021-04-17 02:05:24,129 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ddd276c69d47aba715721981ac9f6e5c and Element was [saml2:Assertion: null]
2021-04-17 02:05:24,129 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ddd276c69d47aba715721981ac9f6e5c"
2021-04-17 02:05:24,129 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ddd276c69d47aba715721981ac9f6e5c and Element was [saml2:Assertion: null]
2021-04-17 02:05:24,131 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_9bb4fe69dfa6cd45169c1200c057c0ab"
    InResponseTo="_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
    IssueInstant="2021-04-17T02:05:24.122Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_ddd276c69d47aba715721981ac9f6e5c"
        IssueInstant="2021-04-17T02:05:24.122Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_ddd276c69d47aba715721981ac9f6e5c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>7WoEM36JpEXSsyBmmbsn3luxr1rfZXdidENrBv5T3nw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>JYBqNXtK2yhA1HB7ywYBurcvG3v198q+Ui+pcoIZwvx/Pz+er881AB+zY0MqB8rcqLqNdZkO04yiirQfM2iG6s0UHB77/UfVZzAVsKbd5qQe5WusoEyumZFyHBNX7DAqAPHQBUuRH6MPZDLGowtkJZRdkMr9dxdEbYAnQKDr78y/wC5tFd5uiJNJnH0c65uLDmpuYjo6GUijT8FhEy3K+mesQCNjXB293CT7BMLeOayVPR7BFDaQ+3VG0XB8BeEav98/cwAbMKXTvAJpqxFm1gwmsa6NpijpgpQNRMqD649ioFuucua+CK1hR1zOoHXxqrbuscF+MsHzRIHZL6GBiQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxps/3RuybisNAKPRa1sRIALJGT+jjEQe7HSoubH8puA6nCLH2MXpH0h0+KkrKa5YYPKLvS25QBRQQgtQAHXQHB/3QArB4kKhhkedrTAYejF26+dn3Za8PCX2i65T4qVN6A2CMIfXU0gCW6eLt</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
                    NotOnOrAfter="2021-04-17T02:10:24.126Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:05:24.122Z" NotOnOrAfter="2021-04-17T02:10:24.122Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">ZF887cY7FtSJbLGwR3TDPQqAK45XQ3Ds/+xHV1oGLG0=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:05:24.114Z" SessionIndex="_f3ec47084db304dff51f4229002d1e19">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:05:24,133 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:24,133 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:24,133 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9bb4fe69dfa6cd45169c1200c057c0ab"
2021-04-17 02:05:24,133 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9bb4fe69dfa6cd45169c1200c057c0ab and Element was [saml2p:Response: null]
2021-04-17 02:05:24,133 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9bb4fe69dfa6cd45169c1200c057c0ab"
2021-04-17 02:05:24,133 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9bb4fe69dfa6cd45169c1200c057c0ab and Element was [saml2p:Response: null]
2021-04-17 02:05:24,135 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:05:24,136 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">ZF887cY7FtSJbLGwR3TDPQqAK45XQ3Ds/+xHV1oGLG0=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_9bb4fe69dfa6cd45169c1200c057c0ab"
            InResponseTo="_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o"
            IssueInstant="2021-04-17T02:05:24.122Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_9bb4fe69dfa6cd45169c1200c057c0ab">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>0I460ah5MGUnipq0kDmqo36riND62+USOXQu8avMFDw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>YAafJlH5D8prdycRf5KjFLRaFdrVQgotTqSAp8Vl1h+s0cSV/tg9LOMVp3oyyLmv1PA5BcDNjKOnv1shyHcHO/cBcpjoRtp8AX9xn2Xd7hkBnceAYpzDBz9dhD3QByiI9S/u+WFhndbE2x9qLryr0jkGWj2JTiL8SZ7bbxkWYge1Mem52cwanp5APFse7KPmsfTOwOCZYWm2eFgGM63ejCpmc38rRqPA05EDDFhH2pSR98JyhXI6ZckpIE9FW0xx138OtDk/HIgBy7SgagoULijv5BDmOCYSVmQKu4RUxHo3gpElwxqBz61duKnATmPk1GIhUJ3A+Du1+h6g57rgRg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_9877d65a177c284b76078a2a2dc4c446"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_12e2772e7ee28d1c21a36c14ab4b6f07"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>UdVhsTthD4yvYkyfC43Ewek81tuVAkfda25/E8t4EznbwEJ2knJ7JMVLFLJ8grD47EBe1c6N53hQh7qYrAtFnHsHxH3YE2nu/NtP/ULPt+Usr0MoIqNucOuThr0SXBvExiOUuYL/IhbVX1nT327W7IUJSZL05SYWzbZ3O5VZw7c=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>6GkkWnWu0N6hFkV+/qzv+NennUdMv3FAY3fgdz6LCMobYIvbs4nyQzh2Uy4NjGDDOTnfwkSQDszMK4q5B0OzXaw0fSV1cYwRAZ94Sx73ZSo4oUmc3WfK7KhcZeLmWv48k0Cwh3IIBXvxzZJ2ANEh5yYYqO3b+zVnMF93whzMxvCnGmS8y/UOuujU6awxAlPSl2wTIQfuSLTeYRTj+EPyV5jkSIgVxOWP3lkJJacp2JODZTBfBA9mrnadik4fx63TKBvI371KgS4e/pGwt7PcDuogclqKPwdjpFQPYfHKcwBlNOAexd5+R4yHtcM8Zukb70GsCwRB4onkFRjMLFiTzAYPlIxocfWMrK1x5E7nEadYLZqmKeYVaCqQhI+TnLKkdvCVT9Ecb0+2qfVWAMQSbFIWHLEGfzIkxiq7db0hqfVpRy8/RMFpiLuurXJP77s3175VNYI3LPvTybVxSAtcKMwobgiOnjo1YUgfqdXXO/Tf388Yi83JbQ492JiTMd1Xpd0gW0hfSMoAsnKU/p6N9P9IuKQ1BdQaFPtYTXUjRF8XORRx5pzsVe89YitMpPNNOMrEMroQFvuno4NdCmwT4gowFC0Lv77d70aTCIyHQ2roSnZc/jjE8ni58R7XUhu7fIRZeE0kLDcY8zkA5sG1OHtpreIBebhYFlbfr5gdxJlQhaXxg7wYK1pHO8jxv1z6xo5OMqEex3ZzhgYIluadloVjw4fF9sDZ3h6vFHmf5T99HzLsLHJprFHtiSvwqYuBZjHpRAJq1cB1d7Dd9oi22H7nVSVWbYsN6tQiB1YLXaCiGWXd65R1QeZ/EDo8xPJmyk/VALmouDIjZRV0Vs8eerX+wcO8Ld6Z62jb+dG3RoU5vN6zCHy7WQfc1/qzBaIupJdk0TpBGta+hL04rU9Q4f4/mrdiO7kVZMUl82RtadwrOxr7y0IvJfqaID9E5t0yLjA8Cy9kMTRf0gPoGkqizEqSuU6iKlAmhtDLcPBtTGRDJ6hcdY5tdzYVIY4XeRvr5cRmQQLIw3taFx+ZLv8uDyDILrv2VcdOyqKL34UBYaD7CITx3rjZuJZzZ/+qB5yznHIlX7tgSMD76oDwVEnNgEVM36doR2IJxuJi62dF+BPKQR4KC3M4xUcbIvzcDpJP7OZ7NvkExbG2NMHkP+9prul2WF2fYj1rnzaPF1vBn7PsmsUYWUF/Je9f++fETp9I+m5/qi2IkjT2Dvr54/cOe+guXzPTbGkoJytshzyHvTddf83gq/rgsN48JZCOFHoU3vku88TDdYIb7pe8ahoLmihFD3UnkAuirRPi9z4z3EYWf5Di8QSCpA7VQPY62V8HEqrxMgBQFu0J/kPxoYgzMqxcEw88h0HHFA57ttJWiT9dVuiFQXE1re57qU1upKhj1JoNewGwsvjbL2g2idEKTCUJzXz8de9XTSWvSFVU8huiw3QvRXkQO0XeQ2ZWj/BNlJT9TrHKJw3Qxrh8LVhUIo3L6YbujzxBW0QZysFlYVlauJ9GGkl2U6lQA8UCpctGsU3aYMPjP/sso/VQFpKan08mqPpwbK9Y4Gzbx8BVwxbw+kKG6ALV4CXXUaatsIKs2Ugc4CAguFaMgGlXqaQFl0SJlZzvbTF4L9SK4safFK3Q+DIsv67LncoyM1pdepSSKeT/XXebXdBIe2RjDStBPjihsfhDD1dunmrdPGX5aj/YGvy8ggatVNMJY5FnY6PXsExDEHu2fMWS7LR5/SX3a22rpbTVC5yfou/fF1osD8DrHy2hnKVwFXrIPpdouRoXtPcyG04VityDFk9GWelVegn3+ZbBbETbHpgtIQ3cNCMu5yBkCrnsqVUxZtWM1H4goQ1GWdMuGPsi0fcuj5yU1kVTPciNkg9hz2u6JvZg6jIAm27KZgqKi+L4hWBrouFKUnhpEUbjkXSObHPrryEKmCziiWvnEie2hEoOmyTXWv+M8sl2wPHjUXSwZPg0uTz+MZwzWrU0zzZ+MMKFG4f17G9LnYOinavlV3QajkEKjWSFfns2fSyk4Yc5wemUKvqZbCM7q8CsDspamVnbJqRyy/GmqAuxJQcPM74QEV7e2VGp8vBKOXqtrCLVO3uNA9/BTtM39kZpkdOc+u13IbIEKJV9m0LQu1Rs4TT1akmvqigDUJ6PqmnVmHDhDLI/QqmEKPR7GvNELvftv1dWpP+VTq9kjXpDGOe5SRmNNEteNfdtQqzGK7aHNFt/0+7t7T58I+5dpiKa+zI7AtWQNewEvVsBeaBHz/Vz9CCh6jKBJTaQPtG3dwqsOpjtbc9jQWZEA2OoovM+bP7HBBlTSMIKisBCxnvwACB48Dk5Z4Swknu4+9wUqD+EKTYG3YSnEH4j7m9MQwDQMI0nOUUrHYrUtIIShT9wzdHiRTFVCKD5h7jjvP0onS89qj8yftQ/+NJuV1RLiebuwhKur6/yidPt20q3RmHW6yOAcKyhuOkE7nQ2knEiPOj0nOQbZiZSZed0mhjd10ZIlcyRiUWXdH7fsAzB0Hdj3QD0zXtcCyv7MINKIefxcUxYUPtqwQ2S9lqAt0ehct6S9VZyYqddvU0uQ1KgHqzeF88Exnu9Yv/0T9+euEbxmh3gU2A2mucVkCtkeeIf84R+4LIJlQFK52X/GxN71ffjkI29uEhSMR8hKvZskn3SPw7mGrDduUemH2N8W4t1tdtV1d+c6O1G2Ykc+gwON97mcIDP3D3vUcGevr82XWqgl2dAFcISU2JRGFnc2r2fD23OkgeUh+q2r65QAZRsDqwkzdFtyNeRDsSppEF8VaLjgdhj1WqNHb8nn8Hex16IBcucem4WPOgP/xO3B+FRn1GiyFvHF/Ro2tW4pV/f+T36cCtRRO0yr7d5Ps/FVexC5Siplchh0QUtCc9KXqxVDLPSLvvtpf5QMDAyd0KdwfD4/PHy0tGNdFKnrM+56XbsntUUEkFv3erMyHO/4n7w5cOWl9307/lZ3be71U9MxlyV4aGslkR2vdQeHDY6mhufqf9U3C5JTPmb47I607IsLmNy08aig2LMPOisVyyR/LzMGbHlDY7FmKG653ZXEZpORJLmwR+BOZ98/pE6R0BRnVg+DiBpPuh0jRmS5OMB36yWXh4s6Sxdh91gc8ir2q9VeV97FkcZeRNnXUJIBsh1Uec7DLD33wrJo/oIUMVd/KP33QfT86KjKVh00Z81gfh9r8QyrVRGj0fhZ/OIBaF+wO60X79s33xHkNXU0dTWTOy6NrejuZQnr0ZZzjDlITvKQslTfp4w3T4m06C0ZexjW56mUlmfSKeKiUBBeKcjZmT1DMOBUg3qSBSBQ+ZpB3s0pepdTcUxkOfVlyyTFafbW/Cy40J0/EC65z4UBWxyAhWG/kQOAWPt1+zs9JIWTdHf3FD7M23iY+L25cDq/YT3fyy2YN+7Raakwb0JQyUvAs45SJpO9bpzOITou4xSBwI3xBhHGFpdsOh9iyIQg1+rZBTn48pyRnaPE8nX/BicVLjUe5kaWfEHEEaY5cuIJDAArobZ9B2SzmABtD2kwZLZ4QbLX6MdQGelF5uTD7hQKhFFw9Rnbhq6a8ZSqSUpst5F32RnQO3vFu+oC/2wPTYRAGOxV37Epytf6F8Z581m9rKwgDwceMzF5dr/hsSPtCy/ksSaJcdpyuysepB/z6/ex5cqddRAqyahzLwwOBrftqJXfTralidWUwF9jm3B3QKdWuUmsulY8V84kiw6/nPzdYqedVCtD9fd8DBd6QpDSU8fFcWhRwfoXBTmF9zJfA1Tz0mRD9f7Sqo+Dx2hC8jOhK7/EyqmsORir34X8MykiOqk3spoo4m67mYxaSePRQEEc7OtRCNc16QJTYBD/oGgrtAib/e1AAhrLaDx/iaMoS9zwbYWRe9pRL01KMB0wLyLs2tdKMDKMBRxbVvNeZEZHIUZIT1dyGldysHrY3m+CZHe0giNyCLrIqGtUZQVg5w/h4EdsL+nR4R2YuVRy/HI2aKH/aGOh+0YvdjFph+GcU1bD0qOBxBIs7ijs5JH8UFlVDusH1oUzOHjCq+293MY9DBHK7BLNImdJXXXpTjVVwLRtPgRZWsr9TmlgwwJ4m0L3ARakFlgRuvFKzQaz59bKLLAIXvceRCqmFPcjtMshLkp+mdRCMUof+9K8M78vYwCzMZ4zsFqvtixjTrWRQLyClkacmnvmX6ci9v7475mpET+gY/xlSm5j9df2QlqrWvqCpClA1N+dAS+aNsMZatu0Kzafre/BgBPhATGTsy2yIeM1XmGbQUE3IF7v5NiCp7OprVyWo54Etgb6aTmwLPyOypFadNOMnkBqdmWYAKG5OBGwl6X9wy3KHcCo4R1lKd3xQi0ArNW+ZD1av5mOAMUGdpiibvjRDCY5emRseNeugFdU+kupHHh3ve0MjkKDuR+XeEvD2n1EORT7zAxtF+hKYAQIpZ6Ldjab6L2G0EcVHBzCEcoYBLXB+P9WbD6TeuTGXwWSXgBMTjtXxMo99tJkjy4geK57lvzGqgftgY1gh0BTrTclAeXf9CJfyfoFtddzo8PlskQI4PzTPQCVsjX2GjrGF5TOGh+Nw7TnXt3gWz/pUlWEUflFNPUaagKpquKWwBZ9dcz4qCvRZpbcsXxL/W/yY/8jRTki0p5R4tfhAzr/QN83+4QlC7v26EMsDOJR7XdZiQ9e02n3ZUkgGQW68wpzx8bFp2CI53KabRJDoTGSxF29UA0O2NUH44h52VfgY3U7Qv03xyeYYpY6r3D8U7zE23gkmkpQaQd6TEwgUHb9Cd7oP71+BUtEZABl/7t0YxX5XmnmUrPzVQLq7BN3Li2/zWBbYGPV1IrYd67nwhhBBJBdP4csk8v9XIc9uo+lGT50Vvb4qylBVcmFJ+VzIOcXIYCBRzuwiNEpt37i7trMYfGu2Ga0WHYwo88NiLLa1y4iSrj1ppdNp9nc1/aw7FXWt5pipY1MYEwRK9RLIbtaZhxZk18/ZaF6CS3CuSZmxZDlvbFtxa1HjFtfz5y7decnYVKDtxlo0TzPWcCsr3yryQP86EAQkfiMLzwVfLYEIra+r/nWGiM99InyLFlnuigN6vwpPnY/+4yboI3yPJlPbDP4s/RLKoFqF3JG2mtt3cS1G+xSunaun8U+ztP9mqCZB5Zw/DVvv0mIP9YsXAscX4A8b9OKSF3qmcM0IJY01oq0w9qsFpVtAi7gJ+ym2okquegDyxO72fME/4K8ChfDSSiavt5UmT+RbKyDFummfJ4uKW3Q9ZPXZRkYpELmV8qmYqeUZpYllJLyo9HZ0nSH4KGGhIHbx32cNpCo8+s6UcY4hNrczODcxotXoLVncOisddWYk/1ucUT0uKiJnqfqf1irKhPwxRJzWTvpNzgIC4lCkgfhotoQHsq3bIS0VBQPOfo46Fb0el1U4mvQyfzHp0qLzE1dRIp6R/BbIiADez2ytGAuZ7jcfKeOrFNAZdcNgnv+E8jhqlqtT8Trf3caCZJUck4/Vx6UToTCRrvmLXiDQcsriy76LFFd+918dXpL64bZXi7TqmLuUDgJ9d6gvwRSjvTslzn+M/yiaJz2AHVR5s8qWQQsx9aV+56BhkCJmNs4uD+mV9PhgtrU8iLCA+mkKYRc7SU2fwYV2wFL3RxeTS+HoRXMdq452lc26wK0MyhdNLzRSQEQM6r/YhcJl0Nq4wzawnEpFnj3V9bozuF6CLRHlbartTHxZGNRoItKylJHXRYtCTwBwl81c01ZTfYbPz9GFROE5pFAYzcF9KQSAboO0VGLR1Fj77Q75jlZFs/659X7w+b8Y0LlkCmfEr9ssRA+k0kCw8ImZy1+tgGjpLsLs8hWVL4SA8JJyUVguEtDJ/ZMMOYd3/iKJ68XrNj6ymYCP9NntLDL8I5KurTfMbWJw54p1Sqd/NUytD036FiyB46q2e8/Nz6MGn4IABodqWtBFtSfhP9LKpQbUbS9OklZiSEIZDBXf7zGWBEX8eFsbCR+m1BPyPlilMozI3iqOfM4XQmimUiPwE6aOGMKsVq4M7FiLwosYQwFmRkz2xXoeWMIzi5u1uxnKh7b3FQvajsRjpWkfkcsfw0sNycn6EFfMTezt3R4tST2+qjyb0Vq661pgmjZU5irPuwVlVEnz65ns9BKqNoIlfBkujWPlRgRm392PeWZrglc/LIA5uiULH3T7Gm1cg+ur3r+fVV2dwGulSPTX4FAy8TLqqTjEELVKrR+5BTTbBzOLGLzsswioMZsj6zbfkF3L5uJ9kDUAby/Wks2i/QKDLlMbQvI0AaOS7Nw6cRPZwTmqcbIeZ744VvQ2Wh4EX1RfjdxfYqM1umEKz39oeXBW/ViFBzRbLWRz7qUnpVpW0kQpxRwbzMe5kNpzwm2WMNqiIvBTtU5U2DrvIe2w12b6wI2swKSpFV3i2SQQxidS9eIMjinlPdR89Ik54xQdTnYLWMD9KkAPPgU6ftVZF+cwNDDDhtY7xHfYv4nJACrPYARXyZNj6PI8l/naI/Tl5odLgWYj9Z6gsURxS3CuPAUsB8gGuPfNdzG5pBznWEtp5apQHOfYbk6XICMKXruxYBVguF7xezH2hCYPbOnJvYp4WkMD5juQraXd21kkaE/iPleHW9z0UGyGnVibZs3IYBdoQJgMyk7C6ou74E4Kmm/HfcKvjpVF8rNVJ8vx72WNlzB8SxOitsBudF7ngxlLzlGRSf+HIpLU3GkxBkLRgrCgIpz/WSnIpHy4sOEQvB6O67I3BTjPgR4Fbbe/MyH0RtQDe9v4mFkyJx89jj80G2Ip4kNSlIUUMFs9kdqr4Dh+1ettguPJBZtpALDQqRc3lePNMV04H7cD0EO1uiN3LB0+oul6NKhy38+s7ZAC4K4P9xPdPPqg1E7qBNJZLzCpiiNS+NPdknn8TsCk8XJuF1J1BaJ6Fqh2YXY9DBXsOc10OPm/+yMbeeLt7MmsiNUv+Bf5K2Xho8X3hC261MNhgCnep/jQzNBfhshR9pfgGbdsHfUaontCjZNFkpBeGzXZ7r1tGANvo8tuYGIdU3NxOMVell1llU+6lOJ7UrY5W5tCjj+vb6sJtngQO/qOciuQ6EgzGHvpgSG93cZGKTkz9uq2cMjfjmHo0yLnt1WWC3qdBHUyPF4RPmZkw0ZPex3U5TK1d/Kkppymofw5G7q6S9EJ/Rm+o1XNYg5Ohlrjse+hC3373pIvdjYaFjvZ+0W8VYXpJxg5ku5VFqp2aHSPsQCa/fBQzezTl3EMQQBtyhX4DdoqWZw1PLDeSpCz/+imh+FOL5odw6XT0Hh1EuVse0Hjy33DUfa4il9ebSUQaIruTqSwxJatA6u7em4O2PR7ogZcXKwZBow8cjxR5LXrxUTx7WgJJMxatT1eNtiZ8FGWF7W1hLCGJTphT7iMYwbUK5rkC+N+g5jL8yBgR76jygpE3AFUBIJjfKBihSeoaBKb2FcL6Fc4Nictkg8VI30QakMAXfB2Exox55JM+aODZ7REGr1pP8PN0e6r3dcuUIgMgJFqcREWcwfGPacdKMi8A5cuYgNFrSqKhjx2bA6XD8a42dtLD9qTkivC7Sxj7zZJowVL45Za4u6kCUw7Qp3Sq43VZf1wTFzpClnkInLAqzNmjdZ6r1YdqB6Xi/FcRxKCL/H6gf8Br1xJQrMOJdpsEQVYCik2C/FwUORhzaLbGnDrSHRfq3vNv4Hj3OwDdT/5aGS8LF1toMWMnCFN+bCR9nZt5tNq4SVUy4QsTL70uxSSe6RJzuYiUIDQGmMpBvrkrMGBt9kuM+nukXRvxTg+CsU23jjg+PuYZ9ELfliCVvE6rX2LLeWOvxVZID60FoA93ShdEFxGIP1gTS7qtaxjGhFL02TEQqT1f5g0MIls/jJNgHCJ5rQsZnTCGMcv++32iMc3k4AN8GJvSLOwy0R8rp6iEHLV3jJWhD+SlXZtOtvQA4/4j8sEPQhGe4RQ9D1pEZC86994cEcyiIK+TIc1Gj6G/cpEAqQAYKFXlquvMkHCdZ705FFSF7U2GOJ2t5jR0RLpEyCL+5ccxykd1DB2VYr8BFWg60BxZMpKAYUd5hJZMAZVDk2IpkqMHUxeHdY48UlqGhw1MlQLCu41F11ddRcMhGCkr1SMCxoWriUW0bY09Jb9Dne/+81pQjAUJ7E/D6rUBde/zY9jIWus6lQHhWEUQ9w5GEUNsAKk1vDFlvP324WCnWt3sqP7lr7fBnY1vtXs3Air/uXWobzDonly3+Z11z4NLHW9DmEbrd0Ea3Nj26tx/x9VCm5TPP3/HZeV9N8kASGQkwdLhmbNv4kIxx9jQ1wrXwTubkeSqV13YQvTtiipkDwVy+d9wfoZflwe+H1END/npQ1OLYM+uqKDnaF7xfWeManKAeACWDKZosul+NgS3yLbrFfqC4z6FxAzUajZ4yrcs6eupN4/O8X/3HOkPLMG9ueAKCX4HAsre4AJHeKw5UI56fUkl/R5azvNS7qVS7EOsNQpR28odQ6nMenUB93VX1Qvn90ihVsrcJfWAeZUvFFL/6zC3UnybuWBMqwTHhrsV9NooLqiQOt78g9+0be1dTdm6/bQ4EuJOGUe7I7PaK1gI+Mn8utPV0NA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:05:24,136 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:05:24,136 - INFO [Shibboleth-Audit.SSO:?] - 20210417T020524Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_pgg86quqpi896ps46r1ffs6kbt7x47o6vz6o|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_9bb4fe69dfa6cd45169c1200c057c0ab|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxps/3RuybisNAKPRa1sRIALJGT+jjEQe7HSoubH8puA6nCLH2MXpH0h0+KkrKa5YYPKLvS25QBRQQgtQAHXQHB/3QArB4kKhhkedrTAYejF26+dn3Za8PCX2i65T4qVN6A2CMIfXU0gCW6eLt|_ddd276c69d47aba715721981ac9f6e5c|
2021-04-17 02:05:25,977 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:25,978 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_amhec6anirenrw5dam1jdfpglc2o6ppedcan" IsPassive="false"
            IssueInstant="2021-04-17T02:05:25.340Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_amhec6anirenrw5dam1jdfpglc2o6ppedcan">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>BDtOPsi9dEzMk/IrdnNSlpQJynA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>HLE6+yFx1PE+i6gfBkj3DZ5FiK9viby5HtBE8vlG+pH1gsir6pqMy29QT9F9+G/SlBUanGQ7ms73Ida+lxUU8oMLQ4FWg5LbE6Aiw/nL9P1r3SNQaicAPr92ZcWRI3v6W+9m8yoY8kKQcn+fRxWy4E+AyknH+t/sXnGFfwXsvIE=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:05:25,978 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:05:25,978 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:25,979 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:05:25,979 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_amhec6anirenrw5dam1jdfpglc2o6ppedcan', issue instant '2021-04-17T02:05:25.340Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-ch.o13bb.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-ch.o13bb.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:05:25,979 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 1024 bits
  params: null
  modulus: 126664469800380770773972778096329230967838830807335020944856402588433272451405299989725111925000259452486256977271956160110204670418736725511979819866908378089628035491591777699093647368786263598103189382680073566489484332485554027625241493766204516582342822997262720486560419481997023269854507272634386236633
  public exponent: 65537
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _amhec6anirenrw5dam1jdfpglc2o6ppedcan and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _amhec6anirenrw5dam1jdfpglc2o6ppedcan and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
2021-04-17 02:05:25,980 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:05:25,980 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:05:25,981 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:05:25,981 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:05:25,981 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:05:25,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:05:25,981 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:25,981 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:05:25,982 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:25,982 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:05:25,982 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:25,982 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:05:25,982 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:05:25,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:05:25,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:05:25.983Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:05:25,983 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:05:25,984 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:05:25,984 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:05:25,984 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1603508578::identifier=rick, context=org.apache.velocity.VelocityContext@4f125722]
2021-04-17 02:05:25,984 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1603508578::identifier=rick, context=org.apache.velocity.VelocityContext@4f125722]
2021-04-17 02:05:25,986 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:05:25,986 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:05:25,986 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:05:25,986 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8bfff5cf7fa5c94d44eeb46868561c03f2f07507a360ac4ec151f537f413078d for principal rick
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8bfff5cf7fa5c94d44eeb46868561c03f2f07507a360ac4ec151f537f413078d
2021-04-17 02:05:25,987 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:05:25,988 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:05:25,988 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:05:25,989 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:05:25,990 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:05:25,990 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _b800c160a3bc218a4fce58e65f265956
2021-04-17 02:05:25,990 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _b800c160a3bc218a4fce58e65f265956 to Response _0e35885848b2fc1d2bcb2bf727fdb341
2021-04-17 02:05:25,990 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _b800c160a3bc218a4fce58e65f265956
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:05:25,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxCyJ++RFzln0N7JyiT8LuMg35Yj5oHLUFzxBoHuyqjz4AdgTfuxBbsXks/c+LBdmo0RhKz7+pWIZBg5zsz1QhpdfvjOXYSh2o6Vs1X91/2fnJJ5oD17wgJ/wdoM35K8N8TBhEslSB6cEGXMLv with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _amhec6anirenrw5dam1jdfpglc2o6ppedcan
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _b800c160a3bc218a4fce58e65f265956
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _b800c160a3bc218a4fce58e65f265956 did not already contain Conditions, one was added
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:10:25.988Z, to Assertion _b800c160a3bc218a4fce58e65f265956
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _b800c160a3bc218a4fce58e65f265956 already contained Conditions, nothing was done
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _b800c160a3bc218a4fce58e65f265956 already contained Conditions, nothing was done
2021-04-17 02:05:25,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:05:25,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:05:25,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _b800c160a3bc218a4fce58e65f265956
2021-04-17 02:05:25,993 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _b800c160a3bc218a4fce58e65f265956 did not already contain Advice, one was added
2021-04-17 02:05:25,994 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 8bfff5cf7fa5c94d44eeb46868561c03f2f07507a360ac4ec151f537f413078d
2021-04-17 02:05:25,994 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 8bfff5cf7fa5c94d44eeb46868561c03f2f07507a360ac4ec151f537f413078d
2021-04-17 02:05:25,994 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:05:25,994 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxCyJ++RFzln0N7JyiT8LuMg35Yj5oHLUFzxBoHuyqjz4AdgTfuxBbsXks/c+LBdmo0RhKz7+pWIZBg5zsz1QhpdfvjOXYSh2o6Vs1X91/2fnJJ5oD17wgJ/wdoM35K8N8TBhEslSB6cEGXMLv
2021-04-17 02:05:25,994 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:05:25,994 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:05:25,995 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b800c160a3bc218a4fce58e65f265956"
2021-04-17 02:05:25,995 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b800c160a3bc218a4fce58e65f265956 and Element was [saml2:Assertion: null]
2021-04-17 02:05:25,995 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b800c160a3bc218a4fce58e65f265956"
2021-04-17 02:05:25,995 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b800c160a3bc218a4fce58e65f265956 and Element was [saml2:Assertion: null]
2021-04-17 02:05:25,997 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_0e35885848b2fc1d2bcb2bf727fdb341"
    InResponseTo="_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
    IssueInstant="2021-04-17T02:05:25.988Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_b800c160a3bc218a4fce58e65f265956"
        IssueInstant="2021-04-17T02:05:25.988Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_b800c160a3bc218a4fce58e65f265956">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>5HGDCpNTBdHEaz8S0AWKaT4f8ppTdxKkpFg2QLrY5uQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>IBY4wKJkQ1edT/65cbuVAUnuHIUW9Ti942R6JlrlrTFHbKvNcr6zQSHTxyE8h4cLYp3svrW+Bi7aFjUGXgJKdR0L78EkWK58sd6DOlqA5Vn15crPu1eJClnuCaEr+6G6LkQjy0qNLq70kqx2oGEehqs7NtD5KTpofk3xk427X3Oi2ExnUbLbMfbNIinKjCOlPIUPHDfPmChroAu4UfihU8Sn4mDV2O1Ut1w7WEgmy63Sz05GwE8uU8wJtUZgjob60H2G4HL7zY9kCAVsTDvG84vRvIHyLW+VWQ00yriqarTC4OOihrtRB4NwFmjE9jhPscKW37ofHTWNOL/VXGsbJA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxCyJ++RFzln0N7JyiT8LuMg35Yj5oHLUFzxBoHuyqjz4AdgTfuxBbsXks/c+LBdmo0RhKz7+pWIZBg5zsz1QhpdfvjOXYSh2o6Vs1X91/2fnJJ5oD17wgJ/wdoM35K8N8TBhEslSB6cEGXMLv</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
                    NotOnOrAfter="2021-04-17T02:10:25.992Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:05:25.988Z" NotOnOrAfter="2021-04-17T02:10:25.988Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">eEAry/7XZ4bTaBw9jWkyo0pduH0LrdJ5oARfPi7whT8=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:05:25.986Z" SessionIndex="_f1119cb9c6f728e1595c1a8e43109057">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:05:25,998 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:25,998 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:05:25,998 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0e35885848b2fc1d2bcb2bf727fdb341"
2021-04-17 02:05:25,998 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0e35885848b2fc1d2bcb2bf727fdb341 and Element was [saml2p:Response: null]
2021-04-17 02:05:25,998 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0e35885848b2fc1d2bcb2bf727fdb341"
2021-04-17 02:05:25,998 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0e35885848b2fc1d2bcb2bf727fdb341 and Element was [saml2p:Response: null]
2021-04-17 02:05:26,000 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:05:26,001 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">eEAry/7XZ4bTaBw9jWkyo0pduH0LrdJ5oARfPi7whT8=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_0e35885848b2fc1d2bcb2bf727fdb341"
            InResponseTo="_amhec6anirenrw5dam1jdfpglc2o6ppedcan"
            IssueInstant="2021-04-17T02:05:25.988Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_0e35885848b2fc1d2bcb2bf727fdb341">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>ke1wLJtn8rZg9jW8dHsdetH45P2OAUnuMKPC0LpD8uQ=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>S3acODM3RjmL4Qisnc2K9FMnytXf/tMfyJu6qaQFK3eMOLPXRy4Vtq9a+5n2bJlPwwxXC6v8BEvg5UgD06BscL4eyg2MD6J4XcEkTQTvF0s3FVqcZf3UsfDBr++v9FRA5BzUKN4WWSPIevkwEIAYlcLxpPFlCPktVZsoYyoLsUTV0MDn2X9MfrcsQ25vw3hbAWls6Bl60KkLfKRDA2IAPBI2ACZaJHmP8msqWthCN6+gKVmqLeuiKb7lCWIBoPpOB9ijPiuGNLhIa1LqttSq7rW6P0hov+fId1briGsHEp9BFWELpWoHNMzeuvMDd05pIkOo26IPFxyqNbmU+W03Rg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_33423760d9fee8eb30087269854c0caa"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_639fd0dba03bbee66f14ca04c03768a1"
                            Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>fQDkZEQRxYpwIRiTlvKhfkvPGS7Wrkr6+rYtWPRbShiKr6wlnPfUc2tOqtJkaAvduVj1HpqrfbGAcFPfAKHGFUejWggjY8aa/qHRcTWJF0nePSikV4IxGUY9PnfCSjFge1qFjzuxgveYphM7owExKj7vWiGQ7oYrGChmX2bHwx8=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>EeD+am0OSt7LR9ll5HpWU6PoQl98ipkDjwaoVGkpl+xMMejPBTMoO2fCeWU4bpLIee9uZQjvlsfqm/mjlbUV9n1FILEr7Lc7uEunzOX54F0V4m2IwaxMXgtlsUrFV0M9peqo/gzx4QumvS7UDJ4IUaNH9Ppt3m3ZhpyIYqq3Bo97J5p3G3FzXWNjdbobF0jr+oK4SY5LvEcmDTtDT7/+GnqaPg1BAMJYUIXFNomnOhwio5ksCXIslfxVTmZujUjc5+8QMradn5ma1CqA3y3poeld4Ks2YEtvxMhtCIuBF37CgPjkCHOugV16FqWWW1Q2QKMC8SpRTKWqfFhOXhUoYUWNNk3/ODmoh1pG1U0V1/8K8fUfD1S3fhGYAS+8Rz7eOhr15dUe1ancS0oLXfCjy0aw8oDwJOvqfV0dGCkHdpshaqnx8Gn8REFDF/svXaFk0r/sHNvUJ3iCI7pomsXgWr2XopxuHsWFiIzwn8dE/K4En8/XvQ07ADZNIujKnOkubF342t+TUJoaC5f0G4N+Y13lG3QgcG/iDG5xThChzoyHWXMxXUfY3C7ZWhYd6ntG6nfkygvecbX5VPP1Jdj9sVFbjD7Kn042ldqRA5fJ9UVgcXPfx5ceA3Ew8DGtZ9zGYBKhvNLLR9/SEYRYYAO4BoQ8LREIwQjG5gKFKytjRuLiiO43m8SWTmL/kGyWgiGzv/4GDcnHrd+9JW2rOXMNa78Wod9624MwwAAS3y+L0rxxTTt/Z921AY028fERKO3z7PsiUTjBy1T7y+W0flOdZVtM/oGOf7Lk+QcOD6vPi79tQwnRJnhW5YzENnzAT8VouyBHL/Q3mj0yAoHpMxaGvvwD7cTFENNMera0BCtBPET1dZD49pyjxZx4PnEtBeQX9D/NSwSJWuAVk0olDnIO3uVrv4/KEhdNyfQsoOiagGPs4zfANKfKboREOdhipM5VugqyPGHduXCT7LzkClogjhRLJOedttBQOEC99LrE2wYgG3A4eR6oZ7iN2pk5ugza7VJan/RXqOc5OQiS6homxzjo4hyUZh181v42oW5TqXQLAU7LlJUS8ysz85AqlNVAVRTCCOpbn5fXFhHT6YXXkdRidAj2AZdRrTNFwcgn0uuhwYjQGwxpdSZ13W6gf4tRl733EZE3f3djz9E8r0xZ2q4kAWxqcG2cGiHAUfRjYtd35+MiseqkG1IECKDrfxUz8XxWRL5qp5vLIxTUvo1nIMYajiWSFOsWqxM8sWwfeEqT/b3kU9lf9xEaTVVyXNwdqwxRBkfJ+8VioTCyACmtIdRVEP8cb06mfShAahmt7aTdrwhHtyWShGTU0I5bUZl2Hlmbm+7eF+lBvg29M65KD/azWVBFk5quJzCHmh9WTkKL+cmiBdfTAkDNDSRQJ3Ymkcr0WXdhgl5Rairo+pmlz/f3Ad8w+yyzqMb8xV8zP7wa9bqbBPtUMblzxQMr+msJMiDwzt1IpQ/X3tiRQl2KiVvSozbKo4q/o0EA4N4zPAJVP2ZjDUA2KRo+un8DAjGfeddBV3wsrkeccPbNjpG9vH75+ykIXib9Ln2GshRwpYpxSVS3DkfxJJvw69XBRLjwWxejwHLtHLe5yrUDbQ35rOAcEMZis4vPZo2JgDMbCWuiv145oUxwrcdfougEdk8tkXvfYkx6Fm7tnzXrUgSbeI4YzRgtHn5YqadnaGtgUIdtuopC2wNrxtDUu6N7os0/pjeXpH045fwMW8HMLr4KXEHGU1qLmss3wUDNVWK2goYeNttPr9ohoJBuEhTJzOEhhlonP+R+D3kd9pV3VwAXua5aE1Hn0Mj2alG7PiJ1ayQZ4+hRpOFzCDblQeE987rhZTRGS6tlcC9CmZZIOpz40og8f02xm5AMP9E4TKCI5sS43NSQw4Ojj3ftywEeWGVEjDgNd6oG8c7MRwiJ2oWReFS/UiqgKsxdLsbqRIPmU3H/g4SlPNGOQuweGaM7pptBnDcYoPXNEhOCcs/rmTaVH1EQbREPQpXV369jCnE6mOlL8EbCqQH4jhihavRkx9lAlxXxVGh55WLWrNRnYnyP8aVOkNi0zDg0aYMjPzW9NCkUDJP/GvLwQ5Wb/TDmon1za1PJsQjuuRxA8ttZMTk+qBtmTMHjiCsthPlNVvQjI0bR7rBPYdbtOuKlOJRz9IlOdkc/cL2s/dD1DnH+gUfZKH46vcuNw/En9oJuPdiOD1YUkqm2HWVcjGaeJvVBFhVcncUWV3fyR5GTIJkylqAv1M+kpOnFUuB1Fqs3S/pAVPj9WY+tr8Ab0r+IPNBNJDswuRNpAXP/50nDpnjJZt5XOz1DRs53CDZH/rhBKOsv1wy0QVr3btwxprd5+M5SzlesR2bNv041pmd/LQnvk7DYNwzmmq1nlIzr4b3b6bZ5dtwNwfmIRF7Lj9HKqPeyFRPX4jTf9u3/dB6BL5MKbUWAa5mYD3LT2SlUpG4EEozF86qtGqzQ9YjFJd5sHZtOKbM9nIuApr1DKJSPUIO8gT1JBnHYxPDCMDtVPX+YVqxFKrklIMPvfCrQ3YF1VjZZBhBIvDSD82t7v0OvXESd5cECWQ99c0X9Me+RRNu/K9YQiMYdsVb9ppo4OCfKkAlfggBMSLyNTUjpZ/WhqbPCeiMUWTbCVmLQGyoFpK7jtl6foI3kozKpgTUfvFxQaFJnNxfeQdBd+x+/O0jzs+ipxshiXEOxpy2oLcxJIglihbusGUPgOIwMe1Y39D6hjxSOaP8sQC1McApyxB+3g0FfZwuGAPnEtdRil0bS8qYmmnCNREKDMU7VV3xYViiOAE9lTJ5MQux53RW7gt1YeRTj/68Zkm120/PFV4NrSTlz+LrVhaXRVYgh3uSVn4l0+t42fw5enM0YS3jin6u2vHfZLa0G0TQ72XcqatRjXA8hRxM63J8g6aJcPGh8xryccy+BVzrsSc0am50yNj02xm/A94FcP4F7J47FPW1BD5P3rutOPWcysdAHhHr4tk9t1CkShDY1QRDyUzFfY2qQcRcJ9NZanKZKBH4gxOOtOETbQ/17AaNn0MVeszIDWfXjN6fgLhCzsGEZxlLBTvLq2m/7TAbaxUh+yxUfHD9hg2jHGy21jdClYB7OqAqHSiBL+teCIm9kro6m72fvMQhz9kpTSqEy+cW1hA0RQAq5Yx04gS01PtMJeaQ2q1CFWAexJdwQF+nKAHtoCG5Sk9qzI0xeXNnHpC2l7wvhbUCyxWzmRfWzI3Ei4aYH1NNmlzeA4SevIAmxCHxK9nr+7vTuMAwtNn4SAQwP5Ukmn1DwoqkTJw7n9kanBDgS6EHgJ3mShWGZyr3MFwoeAkv2nqmu+pmWJy2XMW2C2oT0lyUutqetvIaQ6mAENU7bJPMm5HoyjAMTlCWdsFg07GnwvTIGfLX5WPCZEGZ3LW3nSWvDjlYrLB7moDUMhiDsXkBbl7OwlYzwmR3JTcCsQP8Ab9zD7OqrWExgTJBPrShlMW9ASnIXJiWAqmrVtFef8A0hGiUuXUXuqfAeVMD3rKjAKao7MFgIxVxu2B1LzmRrfUx/L4mE2cishQmw4iPPNqy6Ym0E7ikIh16mmaFaJM250q7Btb5NpH0Cy95XHxRbbc+I/3moeHlVdY+GBbD/k/BmCzXU9oHr/jKNoIPGcDhJmyx1Ex5yoopEmepkjPiKkkkpFSVqe+ypYCJpxak25ZySkqQcDyI3uQbR5rfq5R8vX64eCaiJqhnoMe/fdSgQBncKU7uVVzqFUo626/4iVnYvbR9A9zDRg482YyMwO8RcxibSZMpGGALK8wDYGisN6LKHUzBlnmngXoCuh+PTUOP49wrpSthvvzfe8pJ59STvB689wZe/llO0/nuH+UyeQ6P56GKDcL5/IX+Vfg/ZGLg9VqTrwNEwrQtrZJ6Hq/c7c/BXBDnax0faXk1VvFM0ADGo0wt7jND0z+xO1+eMNWS8Q2SC6bXe1AV4ajUvJiVEiRcV6ggZeK8YJkip8wPK5kVUjskNWCtGpsF0jorGAr+GzUYf5w7QfT62TGJpC9TNT14FQpHMLk7Kon1tiYfPth7DvKZfhYbj6za/JXRRG+L/iofnCjcBwZ6kY1iTICrbIg8pQgcH95RqlchqrHRnbzz+tSxxrKlj4TqFldM6cQ81XzVTy07jaJKerwC7cXuTBfIHrIlvvuVV89naBauYV0yPoazuqhL9LBUBUxWEbkOBmdDd5qOjY7CMGYaZxZ+OR+1D8X+S8abCl0AvY1QOK+hiCzBs4huOqI7HoMnRWVEW5VAD4mooP0TsboAN2KYdMiblnIAEEx/9XrRPqFuzE+mvNQbFZc4ltexV/TJ7zG1pcB9nnOgwxruML+FR5Vt1rJrdGT9lAeFMgAtPRJToyBVKmCH1l4aGBHMtVFPr5h/3NCbPW/1WB39CiTt+4dTKVwKU3r3v9Dio/1xxB8qar4UGokhSDa/C8e6FGr/GvH4raip/9EGcjL37M+AZvhGDx6NJH1Pdmq1rnvF7iRnx3jpHmTQHuNLflyX5+adh5a0y71OANpgLdDgFkY+ivQnWjGIZ1IvMeiFP9xHw2Poed4aHk4uYpCAJo3BrSpZSTBpaEj4K0+wzrFknAQNI9OcY+ttB/DwG0PUiNkmJ06CG00Ev4ExawEAiN5eP+lrBFK3apga6/VEKUXIBkMmkmE6dggBJmJ9c77PHAbIE/P2roUgKPu/zERK43goSM0cBP0RcRb1kxbIn4/zS/szNO5eJqQQsU0Kw3fuUGuaQ5TDUYSUVHV7adg7Oc7ek+JCqOD4DTCzzaNF7btNA6PXYnMh/8rUYfDG5yH1gnXPUJuqKXw2EWAy4f1qmObL2bP4nLXV/mzUpscKl3TXSy3fP+1XgDeE8pizdzpjjAJkQDfVkBMSkLcOE3QpYWvH9k8ZIorydA0xunRMt+ZW2hmd+SNpXLI/WxlBZSRbvWCg+X4UUhK1T87ZcLOwj5yup5/W2j6ketmubjkrVJhZeo4Ompo/t0+6biTlx8/qHpdG+cwPi0OTCDuyQ1ZGZWRN0EhiOYzeIwyi47yVknPevIdD7088VEVTlPCt61Dd7LeiFLATr7r1svmTljx1+aShe6L/BaEsigHhAv5gAVtUxUhQP+NXCodHYQWW29KoFnr6E5EMSOoIz7pBTMGFQuD8B32xt/ZyBakAh8AGTp7oFwHaH63AItIR7g07mHbBh6Qw6BFeGqcWls/aniFIS9QDDkYOnlg5P1WV7H37lJlbWk7kc2cV8DbYDr1Rt7YixtjjmBUh/0FnoDg+PxPuyg7OnH9rjMXRXQjvtxNrKeYk5EjD4iujJ5Lzcywqd7hLRTBzic/h1gJANz38XK+YFiNXzMKgrcj3yhQsk5FtF0CQmCnbdQDbmPV/mxqhEJvwi9hDZyNEgb0wh2kzgZLpn5ADL4Ynq/NxkatHvu5nvMu5E0FbV1eXolD/LO4iPOv/ItsJwVjdmlWM7cbrUc36AwNchZ714hUeV2Ucb9e7XBJouaLaPXUZDNO3miHPAyrs7MznT/yieGXzTxiyxTXZgDJ9WR+Tq3u4hGQ7ec7CcMpf4KxVfQmzJY6XDTROPG9vIBp11w2ZV68CQUpVuWecBNIwLaD9rCfV9obdSx7IN2ksb6/a5dYl4HOLj8F3njZuQb3fpS9M1V9OJwmcjMUggFqTjIP2iA6+dcSR/RaRZuvkFMo58QsX/G8ao5IFZ+JECZr3HanT7zeH2D78aJveLMQr81kPuX8wo7/BDuGr/1FcIcLyDDA0nRnMiC5rrB0aj3eGyhG1/o8a7YztkENQTjZzbPdsh5DA5etz0d7WvSXbG3EkAYz6no5qEk3kymKQHz01wYW+6riDAgUf6O3CPTpXZXI/8XGmYsNw8puMp6Perdo4xAh31XBCpyq2dKDQmcMw3/kp+eJYlt6L0Na0U7oAOzNAjz4LtGLIxGJ6f7zz0Gf29R1obiGipUEpg35V63qUkI7Qq5cbFp6lsz7S76gginj2AkhFT2kNdLzfYP4+3hnOUapQqFpQTbYekb2iSRZdMDTRyjLsU3LXGL1WuYd8jsVqdWfQBZUUJrjttS1/sz3Bm6XrCyAomh0otJsvTC5B7N3sREiK12C4Er/SAQXunb5HliILv6yrlL8GOwyzhkfjMlTDGRYsPkJLKLNMZdxMfmB4OQV5J4CWuYTjgQNV7TuKeCpIKcQqYagOHDcCgf0tTN45aeTNvf1ioPxWSUyHNDAbOXea+/DjNphi6KStCUbGsO7hRxrEDSGoLbm2kB2UfofTZIEjKe7/EKlbdY9oUn0Y43W8/516fGVvf4vkZnmYF7EmrWqEnrGa0lkPMmGRtZQqOAlFQwlqpSQW35sNBLPuo5RAVSBOA/ufAMNqnkg0slZtaYLeL1JqiuoxfjLH62XFx9qrmGRbOdPlyfHt7mSqcAg0aoSr6uSKR2gqXkBOytJ3+SpNKnYxuPYSOkoD2yVFX/PQCN6bcCLhKUIMZXbTGyr5BEMeb6eZxTojv8r7VTysBag4K3AIJ1lNyol7VruF5PPGFpkd+7rnXPx8RrcCatcSgHujeWUKOy/WjKKAELcohHw+esDREbPkJuDa83D/ZQFEob1THEFUTZEQctXMccv+59AGsCzPTsYGxgzPzlE3PfJIokfVlZrpAsbz6iMTN9uAauRUfmDq7Ar/TCv2RneqN85p7pGA5e+v5As8e5aK5avbR636cOCrJWtMTvvmLiVmYuJ/klBqosj6Ld+BwDi6cBmoeERmIZV5uu7HRLCtW8zmm7Geu6l/lAkEsK+Y9zC7xDmkqjXPHcJ3tvQ0MbLV248tPWrrRbty4yUdrz3qJTNw2udGZ9Q6p3z+zp2zhgllvyRcgVX+jIXSnRuYCWNDp5ICD149c4+r1hho2IpCL0tUqgaiWxHwu0sna50tRuEgAwBKgEuGuzhP3cqxP1Jhy9cMy/bCZyz0p4gr370/UqdjDt/4c/d4F3RRTWbkEanl/1VOV8q1gsg4u4sDzRssAHQs19sG90lmL2onMw+X9kogYQrG4If7jLa0KjnDHG8mrF9enXYFGKEqV/HClEaohIPl/sGNJWnfBy8246Mpq8g5sqNnAOyeydVQliuzcOzGMr4fiFBl36TUOmEeZ12Dt+YhJcAgILJIpGo9rkZX4r/dNDWXYZ9cn5mWjUcw/YfNF9/7sEQMb1MeexyphSle+VVsbqztCbIvx5TNGsbOvpA8/c4VW2kHIps/HJHvgU3pY7w5H5xsKeQkUdcgRb5wjiu6zgy3NT5skDTFG15c7Yi/n+MGjAvAoqinA7uFW6/PO/wt2H1JLGsibqDWP2h/o+41d8dS/bbVLNFspna09V6+EfNRDJ+ehD2Gxk2cgKd3QeMwWp/mAJ6GTC7BrOd0h7N8IV4WTjo1BQLHRkp3ofUi1M9PHo0kllKS6REE5VG/0Jlyro+xe8TeEPnVNrDm+35kE25IUNwgJ/QBtp81z5cNfd5StZbhGOF28/6ILgzoowvL/Qe/0xA6nv6mfkyYUV5JdeJhFGYvVvvFrbacsqhleZ8LmCmFze+3UdC4VOLJULHv18cm/JWQJBe9Z4VnMiHFSE/UxtfVphVRU8XJyK+POgsvQ/vTzTPtsSAxHQE77jYwcFR4y3mgdDT65ZZA4tGtTikJ3B9AsvQXiT6iW8afroHf13kbTwlvJt833OUIAhVEJeR7dNzXc+V4+B4dZ3tADRy1kjKFI03gXPNL+kiydfYsqhVhe/Oby8l9tsnymF9zxE3M2eUUm1I/4vXvOSFaO2hGKy5S9BKlOdH+ZqfaLVafdB1305083D4/xOVM9KNcmkT7zGxMGyP9dyTQCHqO5HzsJNZT8vtS7Fwt663xcinkjdt5brcGiss1Q+4z1UEUSTYwIyzA7/P+eZNsDh13PbtAdTMprHT/4ZH0b2YRWXWquexvIc9Sir4FPZq4j6kiDAp393OVKmKQ6lmdXyGaxQGYM7ol0X6YsL3PNSLaFBB4yPbGOuXzzwXpJCOJNwClDlBPMCXcgHw8SmVHT9fTVhnXX1EFl6WK/1NuwOSJpU6UE8xoYz6T0MBwqwv78e+64nNMzrP7RdEbzsmnW2K7pkj23RE3Smy31BUfyBWJDgnvMS0iWevpYpAVOtj2j77meSGABgIkX164csK+OCst/IcVLPD9YBF/U2DStvxm5oD3oFsDB+nD/py7SEACMnba6r3t7vT2cftvn3Kcyw45IIULT8TZgZ/xLxdcqRU1N0nRU+mWk48qoik8qETn00gkuwJVa9O8zsJIhKebZg0SbRFzK/nPdwJp6kFIY9X26/e8YePYG3KQF5vKqHSuqG5VmtVIWXarNPukRX+OLU24m6DAa4qRepEHmE8Uvy6mo2hut8S7VQbPGdSzByo4EyboYgenVLFlltBh/4r8lZZkj05pwoCM3ggcq40shBp1hnr22mbVFC1XogQtcnNaMNis+LhaHvR+rDayePEjHU2+8Fc9O1gOIVJ12ixHqGzWjPmTTtpssZ2gTPd6ZmroI7fG73s7/7i4nR9sI6D2Uiq5dPZ/4NZUgky8QRGkicmk7FnLcXYpd3fYb1imX0rYQQG/sSYtUDQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:05:26,001 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:05:26,001 - INFO [Shibboleth-Audit.SSO:?] - 20210417T020526Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_amhec6anirenrw5dam1jdfpglc2o6ppedcan|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_0e35885848b2fc1d2bcb2bf727fdb341|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxCyJ++RFzln0N7JyiT8LuMg35Yj5oHLUFzxBoHuyqjz4AdgTfuxBbsXks/c+LBdmo0RhKz7+pWIZBg5zsz1QhpdfvjOXYSh2o6Vs1X91/2fnJJ5oD17wgJ/wdoM35K8N8TBhEslSB6cEGXMLv|_b800c160a3bc218a4fce58e65f265956|
2021-04-17 02:05:27,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-04-17 02:05:27,887 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-04-17 02:05:27,887 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-ch.o13bb.otc.t-systems.com, acsURL=null, relayState=null, time=2021-04-17T02:05:27.887Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_01036aca-9c94-44fd-a0b4-d959deb3ed52"
    IssueInstant="2021-04-17T02:05:27.887Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-04-17 02:05:27,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:05:27,888 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:05:27,888 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:27,889 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:05:27,889 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:05:27,890 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:05:27,890 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_01036aca-9c94-44fd-a0b4-d959deb3ed52', issue instant '2021-04-17T02:05:27.887Z', entityID 'https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:27,890 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-ch.o13bb.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:05:27,891 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:05:27,891 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:27,893 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:05:27,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:05:27,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:05:27,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:05:27,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:05:27,893 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:27,893 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:05:27,893 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:27,893 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:05:27,893 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:05:27,894 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:05:27.899Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:05:27,899 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:05:27,900 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:05:28,077 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,077 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:05:28,077 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:05:28,431 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-04-17 02:05:28,431 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-04-17 02:05:28,431 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:05:28,431 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1499035085::identifier=rick, context=org.apache.velocity.VelocityContext@2d592951]
2021-04-17 02:05:28,432 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1499035085::identifier=rick, context=org.apache.velocity.VelocityContext@2d592951]
2021-04-17 02:05:28,434 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:05:28,434 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:05:28,434 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:05:28,434 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 470aea81211cfac02e3a71738671d1145e43fe0bdacfe05c9ac0c9aef6beac7c for principal rick
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:05:28,435 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-ch.o13bb.otc.t-systems.com
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:05:28,436 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6b5752a2'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:05:28,437 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T020528Z|https://iam.eu-ch.o13bb.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:05:28,437 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:05:28,613 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:05:28,794 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T020528Z|https://iam.eu-ch.o13bb.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-ch.o13bb.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1650161128794}'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-ch.o13bb.otc.t-systems.com'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-ch.o13bb.otc.t-systems.com]' as '["rick:https://iam.eu-ch.o13bb.otc.t-systems.com"]'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6b5752a2'
2021-04-17 02:05:28,794 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:05:28,795 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:05:28,802 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:05:28,802 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-04-17 02:05:28,802 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-04-17 02:05:28,803 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:05:28,803 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _29857f8b51403007930e21d8e8b5be92
2021-04-17 02:05:28,803 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _29857f8b51403007930e21d8e8b5be92 to Response _ae55febb27878bbfcd14c16982853ca9
2021-04-17 02:05:28,803 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _29857f8b51403007930e21d8e8b5be92
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:05:28,804 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:05:28,804 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:05:28,804 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-04-17 02:05:28,804 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:05:28,815 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-04-17 02:05:28,815 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxOkJMDo8OYwGTE50DG1Id/zOy82vxr6/U6Fwngtlx7k+ug/fxThTj9BGvzxO17fwJRW8h6C93pmAQvrhu/TawE6i9DME1zBvlI8TJyu/Zou1z0fbwWz1a2A5z6hR0J4f5q2yRjbzgwZ4J3UvP with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _29857f8b51403007930e21d8e8b5be92
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _29857f8b51403007930e21d8e8b5be92 did not already contain Conditions, one was added
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:10:28.795Z, to Assertion _29857f8b51403007930e21d8e8b5be92
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _29857f8b51403007930e21d8e8b5be92 already contained Conditions, nothing was done
2021-04-17 02:05:28,815 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:05:28,816 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _29857f8b51403007930e21d8e8b5be92 already contained Conditions, nothing was done
2021-04-17 02:05:28,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:05:28,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-ch.o13bb.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:05:28,816 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _29857f8b51403007930e21d8e8b5be92
2021-04-17 02:05:28,818 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-ch.o13bb.otc.t-systems.com to existing session 470aea81211cfac02e3a71738671d1145e43fe0bdacfe05c9ac0c9aef6beac7c
2021-04-17 02:05:28,818 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-ch.o13bb.otc.t-systems.com in session 470aea81211cfac02e3a71738671d1145e43fe0bdacfe05c9ac0c9aef6beac7c
2021-04-17 02:05:28,818 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:05:28,818 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-ch.o13bb.otc.t-systems.com and key AAdzZWNyZXQxOkJMDo8OYwGTE50DG1Id/zOy82vxr6/U6Fwngtlx7k+ug/fxThTj9BGvzxO17fwJRW8h6C93pmAQvrhu/TawE6i9DME1zBvlI8TJyu/Zou1z0fbwWz1a2A5z6hR0J4f5q2yRjbzgwZ4J3UvP
2021-04-17 02:05:28,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:05:28,818 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:05:28,819 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_29857f8b51403007930e21d8e8b5be92"
2021-04-17 02:05:28,819 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _29857f8b51403007930e21d8e8b5be92 and Element was [saml2:Assertion: null]
2021-04-17 02:05:28,819 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_29857f8b51403007930e21d8e8b5be92"
2021-04-17 02:05:28,819 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _29857f8b51403007930e21d8e8b5be92 and Element was [saml2:Assertion: null]
2021-04-17 02:05:28,825 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_ae55febb27878bbfcd14c16982853ca9"
    IssueInstant="2021-04-17T02:05:28.795Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_29857f8b51403007930e21d8e8b5be92"
        IssueInstant="2021-04-17T02:05:28.795Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_29857f8b51403007930e21d8e8b5be92">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>CB5MSABZz6ZWEfMEmnVny4uZeuGRL8bON+Qn8hv1su8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>PW5GExsuNf9Qs6v7oSoTMIu9aB3WXarMNBQViVyu0kRQKnFaFUF6G1yOxL/X2i5B2sjOeObVWBFKjoXL4qzOsO6zydqn4E/UA1sVKRnRfBMCKT8ZBVaPHj64v5W6j/U+i8bxGkd95iMoW1hHXgDWQk22UZvdWKA18jC2+EbMSmnGaMZxZj0BlN0kPaN94jZuoDlWgXkqH27U4MZYSAkEjqy+P2l3Z5XDgOg/nf8EjAqrYnYkVuBXPyR+RmepauMVSxU60spgLHav3uDOS5CvdVFhIh1XgF+OgQvC7g0gUhR9cSrPKn9cRdhTs5XN2aV75h4adv5dlO5ihnNxyyFFQg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxOkJMDo8OYwGTE50DG1Id/zOy82vxr6/U6Fwngtlx7k+ug/fxThTj9BGvzxO17fwJRW8h6C93pmAQvrhu/TawE6i9DME1zBvlI8TJyu/Zou1z0fbwWz1a2A5z6hR0J4f5q2yRjbzgwZ4J3UvP</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-04-17T02:10:28.815Z" Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:05:28.795Z" NotOnOrAfter="2021-04-17T02:10:28.795Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-ch.o13bb.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:05:28.434Z" SessionIndex="_c6c5d4e35e6f18eead33c1ff1fa2143b">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:05:28,827 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:05:28,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:05:28,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ae55febb27878bbfcd14c16982853ca9"
2021-04-17 02:05:28,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ae55febb27878bbfcd14c16982853ca9 and Element was [saml2p:Response: null]
2021-04-17 02:05:28,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_ae55febb27878bbfcd14c16982853ca9"
2021-04-17 02:05:28,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _ae55febb27878bbfcd14c16982853ca9 and Element was [saml2p:Response: null]
2021-04-17 02:05:28,839 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:05:28,839 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-ch.o13bb.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-04-17 02:05:28,839 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:05:28,841 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-ch.o13bb.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_ae55febb27878bbfcd14c16982853ca9"
    IssueInstant="2021-04-17T02:05:28.795Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_ae55febb27878bbfcd14c16982853ca9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>fpHYz5iItSIkoLssMLx8WCyFv0rqM55pirXxcwY0DJk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>NDWqLRKwJdsCchspaOz9nRaNOuKtVYmiumwRKLUV3KFPwTGZfiW/WbG2xFwC+kJdIWTIy+JVsKd+XZDlMqPfy0u28kGjdvinHDUADUPT5EhvSy7ssqlU26aEA9/mymiG6QPBB8Fvb3BH9AWaVm9AMgpGQ4QbgRZ/fv8DGyJgI5mXKt5nPmyJYiYLuMTxO0hzK3rwH4VOuzDDBuaVJXuUolVv8JVcOBSR1EF9F4U36D/PXKtiddMvJ2qztjRMBMxuEn0eaInNGVHnGwF/g7Z/00JpAUou9ksYUazcvafEwCzTc56smL/g0bGyAsTvBBcEBKr3mrXBIXKzehmCSLqB5A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a63c0b7e8bff08f0dfb8feeb1af7e535"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_60a827a0ae58ec1e4755abde17430f35"
                    Recipient="https://iam.eu-ch.o13bb.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIICLjCCAZegAwIBAgIGAVHDRPSbMA0GCSqGSIb3DQEBCwUAMC0xEzARBgNVBAoMCmtleW1hbmFn
ZXIxFjAUBgNVBAsMDWlhbS1hdXRodWktc3AwHhcNMTUxMjIxMDY0MDU0WhcNMjUxMjE4MDY0MDU0
WjBEMSowKAYDVQQDDCFodHRwczovL3NwLmF1dGgub3RjLnQtc3lzdGVtcy5jb20xFjAUBgNVBAsM
DWlhbS1hdXRodWktc3AwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALRgTiRlOH3H8Ti/Nl8F
hr+9QdbCEBQIKFKnX+VeeD6NcGQtsDnihnIlwDv9PqAqRfZ5KNDF7IccYgCBUfjJXOyxqa51YVDJ
KPLpjMcZiSEjumDm3jbdEiiQKl3zwt9Q0aLlz7PKdIbIoPQdo3YjpTB407D5PmvpsFr+TQ6NlkTZ
AgMBAAGjQjBAMB0GA1UdDgQWBBRcdOVNkWkaAHkjlaFATFhnEEh8SzAfBgNVHSMEGDAWgBRcdOVN
kWkaAHkjlaFATFhnEEh8SzANBgkqhkiG9w0BAQsFAAOBgQBlFRyA98AUXCw8bhneTFoD2JWRZz2f
Bs3vINTVjhA3CdCCJ9lgPxIhitHYNPQh5s7l+IA6M/zHTx+rpRO3KUqh0M2eNZDunUrstyXkvZvp
uJCPFK6t1iN6K5YuZUhKI06W5Bk6XV2NO5L2eIqD9jZp0UGb18Ep4BbrEXwRwJQPYw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>FA0objHSXB4cWf2uf+mkbBEQUWmut8ibrRBeSmmy0sHe4oBWGg4204AnBhwYkEimqrjr3P1fotOQ8AeHQINAMZNETM9Yj+ELAZkrYAedwVDO+oqBHV/6EAucAxX1XCqzZUqlBrgDkgwAeX66t5M5l2sz9ZaT2Yr8TsXBQfXy4Mk=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>gdxoZSEILKJiu/UAzwSVBBsXyl7PR+1QoS450ytEwtO1MO6hyrZrzapJ+Jacb2Ijp8jzvHTTvKC94KBS8Xqu4DY+8SGtTDYIjb8PFcUnmbvI12nFgyV3YOhvNw/X6ZSVKpXuVYPenzEoRC/kAzbH1k6beGgpW4iZc+ZbqH9R+DGHOTsu9nMzzuJQN61LUWxpZiove4tNeVbKMIsNZEnwwth4ZG5e8jZBGgwfY29HcGvUeC8V2C4Tpu+tLBcNMVipEPMoqvsNjVvcvrFu4MKmc5rn/+dvgsqe0wMMP9wCDyBY0NrA4TDWgV+IuGpAdIKbzJ0eH9q3MTMucrKXKjKfQBDE4U+7RE72v0QWSrmOTsq2pa6+xt6NZtucBcgQEc24U+hoELk7/cHFgmiNWEnwnl5gS6T3OEllRqvxQKdcrdIBhOZ3UgCPpe2xdPvU6hUVu59BZBVoJ1jS9eWHb+E7FW3tZYo6aAXvx4REgKjF+XI8G/eO6eZ8uUxvW3cHGw/zt45JvfdklGVOPxAC/+Yt1pWlj34uOGQr+Tq3EXynNugujIqMAXKO6SXamHVGjFMS7EhBFTT3g29ShQS36RFQn6PCfOk1BWrzC/4srQmZWesoL8a4tyvW7pn4iJo1H1Q71iLAVygNdZRHc5DDjMmHfuBW36xAOcruxBCp5T6vzksjdmVShKYMceIr6tnpDlV9YLz46n6nt0tyO8ylTBB/EGqwhgM8b/UUGICkozll74nKV4vbNsKDtideNely4aNO2il8nyJCTrFk2rXAYmErT9BsUaqZToWpR0jvYdc7nlgTEsYWv52RVe5CkZpe17Y5wC3Pwu2h1OtSV7o1rMJoBx1LSf36+Q9ePgenpuWNWBxQz8PHolgmgu494nN8qF5Bt4UH20vqjsOcIQwAD/f8KPRxK2cYtU2SHv+N+yHaLUoy36LY5MOXMCpwD2/4IZTmP6upps2OwzeiX5heG/21nZ7RaTLnb2sLEL3Y4gaz0zdJThBoUoWJDzk+HUlw7xZiZi5cUJv89BWhpFBHfxM6blhgM2ReFpwub1nPup64CJ4v3ZTu/ChPWi5IWa8A7PX9n31iV8hpZAhnyDWow5GXw07Fx5JF8LKqJ4DRAQRlFRtUtzO9uSB3R2sMi4rZdGJvK2AD2NIfVQLklXpl+JAN1Hq/p0lJGggsvo7q2a5TOC/22MxKK6Q6qECQTm1oijCCFCOU3OnKFibopLGCx6u1kmGJN4sxN1lboNJxT361oQPyfR1gbtgSUMONi6pBn/jyUCwvpukTkSOGM60lT+0oozhj/eKkqzZ3DtpT2pDtq05GCa+Pzj8tOuO9DQvXbQJRCJmFOG0aMRUoyFXTtpmbiVS2VqpuF4l4QJ62I84QaTQtiZzLHGErzQ4oX5/WtYRdK8mDFmS2z9g7TEazqUnK1e+nKCdj2M9u/Xfgnz3zLHMtuFDwgWZp6e2WTKuyuxdsz7mk1tGeKh0riA2LshzEvHJJqgKQpSpSxa/hGc1A3M1kflUoRRG5ELy4CNX3Wh/5i7bqNKcYrSVlhrUIY/eSvWkfSQP8DGE5S5HQApSRV1heBJSR5RPEg+kD3IsNUft6klmNJOhpQgEtSiTu2U4Zz+jyucorUhGcGz6GWl5MEzLa457bCf3r/orOqHejQubES5GIj0RZ2c4+LJxkBQrjsJ2qBzNxI2AJ30uNybikjrtnEsVQWWZOMMakPj7iypMQllsKEB87FjLA1zQyfLdQYstzsESOKxADjqjkJnGKzimyfQZTufdqPpEFMGqQtgKfxjXnSLZgpSFEgmiN2YaYXf48GIvvbQOZcTfRZxU9VZF/4C3sZBcNqzbfZU/6hAWf/Sxri4e6OMzzago34lNM/hl6eXjOeO9n8ZCQYoASU5lJXbVprzMmv1hH2q7j/r9hPU+VRpPWrBv/Uma4JPXksLG3CNnNFBL1ZUyOu1fkO0STxWzBd+zbNxCb/YCHO2foecqLNgm0sKB98F4FUX9W409WJLQBE2eMwqx4n3Hm/87MY0E6U7mDhh9MJkBgp4SAf+o8taYB4Q2BYR4v2YPo6WDSWd6aljbeX3KYLfGUbF9ilwIvuKt71Tilla+DLR4Wgb12ykX+KStCYh60+ABM6kliGmdes0O3yEH4Qr0Vf37aj0vL7VDJmeVrLlGQw03B0dtYnHRI3I2m4rzg4P+bMH8dxB61TBFck5Mu8p/23d9bvsYYT7HqFBpG8PT+Z4emLXHGLCacBM/4mm2SdveefVTH4mjN+nrkJ8tnj/fjy3lK8MJp9NqKht4/WTRoNP9YVk53k0TPY1wFkgcAO9pCkF/EuCwndK0A7JfgtrzL851yzTvHiVG3pSpNvniO7mvHLAJSkWvkc+eGY67R3D8FsB1vtnH0tFBvHetvUxMoFg+z+4XRW1qsRTYE88sNl9upiEazKSZOcdcfa1hFXGIiDGtiOGJh8tO/Cw5CWl4Cp71fVX+qrnJ3S78mG5ryJslkQLEAExDVAa8+6sMyljsSAbFvhQXmT3U/ETptesAMqRTZHg9G4+LJEcuojXjUlS1tdQ+QnYBFVLJHZ2h7ubZxFp266JwFxuB8FrEtnBYws5VassdwOe2WZP5cf3P9XVeQ55v1sHAy7BQ4liLVyBbr1SiHpD/hBNvurv47WIV2EZpyefJumiH74oz3/eGHCnLmlAGrF/v6F3PQcYyxq+QYQCppZwGKlnLy6ci9G5uKukzQ3t8z0nZ21NkXZ9aIRA9udtu/KSkqeRL10w7rHAeSGFXK3u1aQhcpBrUrCRZwePsOYhiG56OlT24/A1s0UKafWmqmxhT/Q3/kGSTXnZ7hsP3ic+CfL/ICBWk+TnOuGQKcklmL0yUa3Dadi0KM6uJ0sEFaiAnhadldkb+0miNDu8Ov0fFJcIpR0ZCYSLWAmP1d2fa8Ymvlm0qlOEiiwnqtwEdYz5f2sip8iH4/3wiV8AFkWGm8qdb7b42lGQk4OvNCkQr6diOUyRmaFCrlMCNv7LS34hUCh/uoa8fbV7YLifORocD7TgWNbMSE7JJCgW9yvB3FAr9ihMSgI2gVQgSMJxHjMUgrePmrhzywt7sPlx4Cedlxjx89Ih+8VorwOuXHfOg+rgshbDP+N1QMXZlnjGrCfL1TGrp3ZC7JK7n5fTZizVReuVj8X7S1kq+qZlpnAjejAtj7ghG7O9cou3R9XC1xsD+Klcw+b8DqVd78f3g5urlQibT3IiJuK9rrrrd9WcqZmCZpea0YYrOEldEmDouuhsBFVLAkK/MciEjPg8turzw3uXLI+fGJThjUPpn5Ugxl8FGZ+DzmximrlPUIRA3wxy4g8Jh3oj/3i9sRE++BVHASELIuil9U86PTtVE/KptU3NgteSiMdZgjEWLSfuqWyChqaz7JoO5Qos+3F6j7e1vdM6CaVaNrzCNemeyyTz9t7PeOWF3GuCT5Cntj1C9uW8usvrla440TShscyvaUtJwZ+1psrZmIUiOX0uDEk8hWT9NjNXDWJNcStoKp2C8IyhzR9fVaFWWR8IpHZtO6LiF91Y8C0dJlw7UZ78kKaCYO411suF9dV7HfeeHIjGtymdP5TBwgvjz4mzSH1Xgk5+QTRlyNmnrpvoTQYVrgPsDtZlmUGJdXg1FKTycjS5PSFIHQQLlhovqI6SPKihwo/Dbtckx6UGP7rXEwaNRum9rTT2eRg6M37w2ELekBkAeeyRPoqyy8M60vcMjxGWqRdENLUL79fj7z6nAa8d4OdY4X5BeeVtwqFWNvPOJBVsm2zglGSdG0NtAtMy7xTlynxjNki+ECpr+7jLp5Zg3+owF7PtcYfE7f4miNdrO1F64zuSsk/HmAPwQp/ZuxHAb/0QGA8+aUpKvVAoWh4G7NpUaOd182tfExlDFDAzTHHT16FYKFOI1I+9Rf7aV+mFYSMmrlRiXVDU8S5DR98vaYLuq+0b9EktBwKQyGb5shLqOvDlTsDN64qF/36cys8AeRMyIAbCsCjbs+jqCjXsjdoLWr8pTRPRc4slgcGalsNi0QRUxDbd7rQUzi+UW8OlUNccGzetR/fdKn5sWjY4mjUy4B8BSA5W1v8b7T4S5EVFHHkPfk4unJL63ifhFEQhFXd6oJl+ghULmaNTN31EICpFszq/Iz3c1eQH48DXeFFCFQlxRwXn1pvylcPwx9yIFwLCBcX2eB58aRVpAIAzsF74R0brJhG88sBSkZL2BQrdQOHQV4VXXh0A67bQPCsCLCQWxZOo0r8OYdvNWdrOg/PSX8an5RTBTmYqa3eCu7dTa2YvUOLd6x5AbXDIKCvM40nsPRwBQhHMM0QWe8UmVYDNDMM6HwYilqcbunpxVsLM+acxuxMdaQohkyy9xP+zCXypW4DtbuTmU3ZRmwe5Rz4kKm10Ozoz6FzjXpJQ1E2ew9/U60/P9wCdptKqLZVlfy1yjWmL16mSHost/PJqQgoemyxPSZH8ncMEj0DeF6KritqwupNe/p8Sb1zT6AVCtdPob8bocbIZ+97mKm02OfDUV9rVpkXzSXY1VleVwhLu8Hweqo2sVrilNvIy2ccdYUcP+k6Xb/qsmF9WD16V5plWWXBzxtyPiIn2GFQxw2Z52+aRMertRQ+Sj/CmPdHK21uKJ7EDHXqW8X4vOpg+jG6JEKEuo+Gde224/VrlZAnYNeVQPE78cIWi7E57tZBk7GiM2lnfBEx9yPUuXIyM6WO6gIpMsRX1oC1beWWxYLfQzKncRkegmMOR26OPLd+X7opxa9eruXxTTyxn6ONfNjLukV+wHkb60yxxOWfnlGmV9u64sjvE6U6+kJ14OeyF/CZ/1EdAz+eVdhRTaOkPmEzqJU9Vj/Goi6XeFqN4a+cvIxoxXtzp13Yin3np7nwvu6pr28joFAp6KqLgrIrB7J85DbFy4f2h7bR84xYCXUv+Xcv18eGDOAzYgzsxfY9lvUDPnw2f1gWSde6BdXOGnHkP/7A5WTXdypnqQQP8iP9Iv8adid0GsnkRnOJnZKEKDI7j3FkDe4XdAn+BjvMtO++6nPNngtiElDVIz1VIU3pXtb0uu0UmD/PmLGLohGvuUbmvmcoqVydMLfYmojGIxtRP3JSLyKoKH1GpHqs7b5Uk41nvIPYxcUmWPBj3Rc5WfmHxsW7WDPB0RIet30H1rci+xFie+o7oMRmPVX3XsPoIRBZzQJwvd9y/Tdz+Q6NUT0ttCbbeTrqxeqZYDHV8MNe2KjNjLXSrLVYnNah8fZfGuLuNbXo3LZgNS2X2DgOrSQXPNbJDBP65xfHZ4T/9dM5X9hDVgp+sJaOVchpbToiBWj6Lt0Zrn0VIhBdzfNqZ/uQuU6iuqfFTWpLLnYbYdE8d31RGZxBikHBIRxc4HpRZFD31XBxps80u5IkKBd2vimaZa17wnjPa/AChkbhWpLCNWVhz00aJsH4b5YIgVjeKlK+ssavfsb/TX3mJ495n1AY61R/4YiUWeU4oKWHNwvAvy5oyUoPbnkCbD2o+kyay1jIR3HeKbSJjM8BhpPgsV5nSh5Xvj34WaTVs1yS3fsTYgO5AtQ393zrrvpNft6+vqjL+P+jce2rr1a9M2wACQcaRaprM9M35bTl5IPhdZsTsdl+nQUDEI1BuTGdhZn+1177UL7BrIfLNMgKaJqZ8XXpebta5FtKJjd3omKiaf8G0CFJdfBTuusyq/isZDNTQgvEnkmZitUhp/UOMipBqT32L/2uROkRi7/ATK75OtDhjYq3Z0OhGwKXlJ/niYX2KYeHsKMHqkBV1+btfGwm2d12HOkLeIrz47ifhlEft/3vXPOyuPmAgnq7KExiC6uH4BWL9QfO5r4j6d8zbWFvJZd3AkgpiKQmc0OmM+0RzKZZNgnIVLNNvoO7Vhk6TPXqne7c/BNkfu06eAmczqGvtI67Hqj91TM56OBCeuExFYTYAf+bIADrYeLBn8HeZNI0wt7I8E6nfU5Y4aYm17D66w50Oyx+w4VgQ3VgerCOD4EN4wwUIUe9F5T1z2UHBMqJxJ17Dh7zAAd65RMwpnYnpCK2P+QqQ+BAXxjD4/k0PnQGma6YQY7N8U8cdiXLybXoy6kxNOy4im96IHZP9DBGQeM+n3++H5q5Axy7fbJsWKTCJvO5SCFEoHM6IuS7a0qv7zlwKV61CVCV/oY3isg2UlsLSzXCuhiCiFGyV/1+tkw2+g+rtmhE96e0/cqrgKyzoAhQBnsFW0YNgY1wZMX9sFoOufwSeFGItwRI0EaVEfJOSTVDMP+joQFeKEXTvnWRG/YtRXqZNkcYy7jDqIazCXJx9jbx3vqDgjqFQGf5T+6nabMvCm+IEsL9o+0xauLtsujJchhEdEf47Ho8ao1Nn/ofNgfbTfWF7oUwqUYnjq9S/ikndfVrsLH3d6VtgPZVlVJ50RgEzPk9haM2PrmbuFOByLGT7G0zbLRFJ80fPO5NMeF5rVrpr/yBckS7iI/7G19CZHUHOyEQon2kFUQ/t9/OasHdUBPmPcmFoFBNR0y7zyTuM09+s69yDVeMwKJ5jI1i4XJfIvyi24aYEhx1GA5rt8B7jFQM5zAYjsf2JizZD7JS4WlL6ljTD5smO66yFTCAEfMATqFeAXHnsV8VpYK0BsnIT6/OLlNRIiBFX5r4aiNK+DeaW3+/Qdi3BfidkM55xQipncjJdShsb90z5fbHPPRpMCjoZc4VhQ+VSg2mb7LEzzcXYYJSKmoRufEsFoW+fN2pp1AUQKXPm4VEztn8P8jH1PH2v4pdP9CLZwZZPhEC3M7VHgsCNnLS3iKZNRyM4iBLQY18GtiScowmqnveV5+fU8cQ1zkCQW0eC+Ls6J+NLzkQCzK8GSjGOnTNXnY0fi2RIdNp3RHRGnTBWk9eRbAhj4AOXJaawKwC7fi+Xd3I36vXJtv8ZvHuiJprM/MbWY7lsziXUNDOfDJvSIbiqU4HWTw9XCcc1zjG9dK7Yio27wjCjs3S9rNABHQDdq45gFFwulLAjx16lvHkyIz8LUC//2KpNbR0KPkuqHqCgL4+ltePe3Tq3Kt6mwMkjRKasuyd+Xb6eFBiqFIwApdzlKu+dLAT7+O6nT17ZS4cm57VP5IpSYdWZ4FuHCfB6T811/oo51QtWA3LV4zWZW9xsWUElswzRS77gj3Q1GhwaUqbmLxKGJe4zjyxHh7qIM8tSdlsF/5RwcuwyDoCixXCzGVku2ny4Lla6LpzDYoZxRMYfaUAbWFZMdpI8oDS+gMIo5r6PgM49/dpNTSbMK6UT09FRHz7pZmLVx+cJ+rc7Ls+zvN57wwy4rv88jfWlP78QaCpDuFrAX7kUILs4ZcKz2W6G5rBq//cX02xZAhd6foSOGB8yWF/89tvZbm8It9xB6pEVnTVvdkcC9X0tzGupTBU9qsP34x04Of3xw3ho34Zr2o4kon9Pet6pz6uPRerWeP7ML706F3WboYXkywHmzHReXfEodQBc79+KjGHKW/l98AHITFhuN10Qot4XP6EoudhMvptknSOOcj0E6DQ5F/1YZ0Y74+Vdwb7wiGn2yxoOCv21Gz8FIcI50aa3o+yaFKDJyZwTKFdftTCaL01yVqObRGLCsX01Raagu+G88S+Fn+N0Xt1L6Vm43SbHI813daSt75+cb7ZsFLA9Vp6czvzB03GpzS6iBpVV+DhLf5AIqyi/spMtQLHmNbmDf4Wp4faAl+uvMG8TMRQ6j6mpsJtcRItS161XuaoEa1Wzm7f5d8BzooS51QFr3kSeNEahnChY4IDR7GP1DsNB8lGxZiXGKaCECc7hOno0oyiSgnN3x9j9j5i8N9QxVw2tAF4MJZD4XLGFYbL7KVd4CJ88sn8IwyZi9dZDigjj38oNQdh8apTMago6t6k7r0zb58c4MiL1OM09r/ZqcCNl0q8qoQqE2VSMaHfrsFFbLhVXSBx0dgiW8pS29SlSG5vlvfliX6k9j3IZBpjhkGVJtMaLKbq+Z2X6jGput1Y7kO5+6zGNLgwlMMedQwivJk6XdZ8zpWf2wP463+mSHUZFkYr9Q8tXAppH7zyGnICv72bAtl6Hsq9l3P0/rfpuVSCjAiJP0V6bE2P4BhK1tKoM5Q/F5ayMCHJeSL9CvVMIucHgamaAcUr6aktFDFECqzammUvPI8wVY83wQTLf8hxg1BNS/SjtUF2eUA3Q4r9g0U8Saut8dn3QS7T0wD4ogoyD4zXvCrmyVqMMGzTpJrmzA+6OYRBEL9P0kEkDRshw/2tQK9/nisoGtrNQ5COXV0yZnGhmn+VQ3Xmymydh0++jSfRdn8h/XuGM/N6hPvyZA=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-04-17 02:05:28,841 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:05:28,841 - INFO [Shibboleth-Audit.SSO:?] - 20210417T020528Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_01036aca-9c94-44fd-a0b4-d959deb3ed52|https://iam.eu-ch.o13bb.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_ae55febb27878bbfcd14c16982853ca9|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxOkJMDo8OYwGTE50DG1Id/zOy82vxr6/U6Fwngtlx7k+ug/fxThTj9BGvzxO17fwJRW8h6C93pmAQvrhu/TawE6i9DME1zBvlI8TJyu/Zou1z0fbwWz1a2A5z6hR0J4f5q2yRjbzgwZ4J3UvP|_29857f8b51403007930e21d8e8b5be92|
2021-04-17 02:06:36,917 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: SSOT_51299054
2021-04-17 02:06:36,917 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-04-17 02:06:36,917 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-04-17 02:06:36,917 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<urn:AuthnRequest
    AssertionConsumerServiceURL="https://www.nejm.org/action/saml2post"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_-5254299657028889099" IssueInstant="2021-04-17T02:06:35.483Z"
    Version="2.0" xmlns:urn="urn:oasis:names:tc:SAML:2.0:protocol">
    <urn1:Issuer xmlns:urn1="urn:oasis:names:tc:SAML:2.0:assertion">https://www.nejm.org/shibboleth</urn1:Issuer>
</urn:AuthnRequest>

2021-04-17 02:06:36,930 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://www.nejm.org/shibboleth' from origin source
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:06:36,931 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:06:36,931 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://www.nejm.org/shibboleth
2021-04-17 02:06:36,932 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:06:36,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:06:36,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-04-17 02:06:36,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-04-17 02:06:36,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:06:36,933 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_-5254299657028889099', issue instant '2021-04-17T02:06:35.483Z', entityID 'https://www.nejm.org/shibboleth'
2021-04-17 02:06:36,934 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://www.nejm.org/shibboleth' does not require AuthnRequests to be signed
2021-04-17 02:06:36,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:06:36,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:06:36,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:06:36,934 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:06:36,935 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:06:36,935 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:06:36,935 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:06:36,936 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:06:36,936 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' not permitted by input criteria
2021-04-17 02:06:36,936 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01' not permitted by input criteria
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://www.nejm.org/action/saml2post using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:06:36,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:06:36,936 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:06:36,937 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-04-17 02:06:36,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:06:36,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:06:36,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:06:36,937 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:06:36,937 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://www.nejm.org/shibboleth
2021-04-17 02:06:36,937 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:06:36,937 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:06:36,937 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:06:36,938 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:06:36,960 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:06:36,962 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:06:36.962Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:06:36,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:06:36,963 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:06:36,964 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:06:36,964 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:06:36,965 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:06:36,965 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:06:36,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:06:36,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:06:36,965 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:06:36,967 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:06:37,179 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from UIInfo 'New England Journal of Medicine'
2021-04-17 02:06:37,179 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:06:37,179 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No matching description in UIInfo
2021-04-17 02:11:30,172 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: v-cOGJ_ZciTexuKe_btJmuAdVRcolGMFu20jmBRizSSdYkoCy0bpHIYQ
2021-04-17 02:11:30,172 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:11:30,172 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:11:30,172 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-efd663b1189bc582a7d9fd54a2e1bfc0c71cc64b"
    IssueInstant="2021-04-17T02:11:30.127Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-04-17 02:11:30,178 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' from origin source
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:11:30,178 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:11:30,179 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:30,179 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:30,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:11:30,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:30,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:30,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:11:30,179 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-efd663b1189bc582a7d9fd54a2e1bfc0c71cc64b', issue instant '2021-04-17T02:11:30.127Z', entityID 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:11:30,180 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:11:30,180 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:30,180 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:11:30,187 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:11:30,187 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:11:30,187 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:30,188 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:30,188 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:11:30,188 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:11:30,188 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:11:30,188 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:11:30,188 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:30,188 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:11:30,188 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-04-17 02:11:30,188 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-04-17 02:11:30,188 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:11:30,192 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:11:30,192 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:11:30.192Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:11:30,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:11:30,192 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:11:30,192 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:11:30,193 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:11:30,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:30,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:30,281 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:31,522 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 8-KKKwwzdahmF4MpnZtoLvN53yM5Sk8wminBX4e8eAD6OINnhFXIFKpd
2021-04-17 02:11:31,522 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:11:31,522 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:11:31,522 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-4955690b636f5e7f72b847236a5562e72953d7b8"
    IssueInstant="2021-04-17T02:11:30.665Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:11:31,523 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:11:31,523 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:31,524 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-4955690b636f5e7f72b847236a5562e72953d7b8', issue instant '2021-04-17T02:11:30.665Z', entityID 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata' does not require AuthnRequests to be signed
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:11:31,524 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:11:31,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:11:31,525 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:11:31,525 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:11:31,525 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:11:31,525 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:31,526 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:31,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:11:31,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:11:31,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:11:31,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:11:31,526 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:31,526 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:11:31,526 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-04-17 02:11:31,526 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-04-17 02:11:31,526 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:11:31,527 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:11:31,527 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:11:31.527Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:11:31,527 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:11:31,527 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:11:31,527 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:11:31,528 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:11:31,624 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:31,624 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:31,624 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:35,144 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-04-17 02:11:35,144 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:11:35,144 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@483175661::identifier=rick, context=org.apache.velocity.VelocityContext@4178c1b7]
2021-04-17 02:11:35,145 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@483175661::identifier=rick, context=org.apache.velocity.VelocityContext@4178c1b7]
2021-04-17 02:11:35,168 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:11:35,168 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:11:35,168 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:11:35,168 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d112c3739eddf8499a276025c0d83bfd713dfc5d4977c7978393c2117a8e288e for principal rick
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d112c3739eddf8499a276025c0d83bfd713dfc5d4977c7978393c2117a8e288e
2021-04-17 02:11:35,169 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:11:35,171 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:11:35,172 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6feba0cd'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:11:35,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:35,272 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:11:37,175 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:11:37,175 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:11:37,175 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T021137Z|http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1650161497176}'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata]' as '["rick:http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata"]'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6feba0cd'
2021-04-17 02:11:37,176 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:37,176 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:11:37,177 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:11:37,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:11:37,177 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc
2021-04-17 02:11:37,177 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc to Response _71f354f91656ce27e0de3959c6aa3a5f
2021-04-17 02:11:37,177 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:11:37,178 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxwyChGxuAbHrSy5LU6lhYlaQBd8UX8s8frZZX07DJ9oUO0/ixeYyaKVuRWHHKDbvAhLXXsQG5AKZNyQgncKdXE+jwjmrdRZ7Jbf6hCWbh5OhvR8dXK0Z+2DZoQHbjfWvyeTFbyat1xKDNbMct7igKXNDATiBriFupmgkBZGIsL9UJ0boyx2yhLfMaqhtK with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:37,178 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-4955690b636f5e7f72b847236a5562e72953d7b8
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc did not already contain Conditions, one was added
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:16:37.176Z, to Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc already contained Conditions, nothing was done
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc already contained Conditions, nothing was done
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata as an Audience of the AudienceRestriction
2021-04-17 02:11:37,179 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _400dbb5f26b2d24a4ebbb2000ddf40fc
2021-04-17 02:11:37,180 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata to existing session d112c3739eddf8499a276025c0d83bfd713dfc5d4977c7978393c2117a8e288e
2021-04-17 02:11:37,180 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata in session d112c3739eddf8499a276025c0d83bfd713dfc5d4977c7978393c2117a8e288e
2021-04-17 02:11:37,180 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:11:37,180 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata and key AAdzZWNyZXQxwyChGxuAbHrSy5LU6lhYlaQBd8UX8s8frZZX07DJ9oUO0/ixeYyaKVuRWHHKDbvAhLXXsQG5AKZNyQgncKdXE+jwjmrdRZ7Jbf6hCWbh5OhvR8dXK0Z+2DZoQHbjfWvyeTFbyat1xKDNbMct7igKXNDATiBriFupmgkBZGIsL9UJ0boyx2yhLfMaqhtK
2021-04-17 02:11:37,180 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:11:37,180 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:11:37,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_400dbb5f26b2d24a4ebbb2000ddf40fc"
2021-04-17 02:11:37,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _400dbb5f26b2d24a4ebbb2000ddf40fc and Element was [saml2:Assertion: null]
2021-04-17 02:11:37,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_400dbb5f26b2d24a4ebbb2000ddf40fc"
2021-04-17 02:11:37,180 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _400dbb5f26b2d24a4ebbb2000ddf40fc and Element was [saml2:Assertion: null]
2021-04-17 02:11:37,183 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_71f354f91656ce27e0de3959c6aa3a5f"
    InResponseTo="id-4955690b636f5e7f72b847236a5562e72953d7b8"
    IssueInstant="2021-04-17T02:11:37.176Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_400dbb5f26b2d24a4ebbb2000ddf40fc"
        IssueInstant="2021-04-17T02:11:37.176Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_400dbb5f26b2d24a4ebbb2000ddf40fc">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>fs1t/skJ9NucVvdlKbtiyMRvxkWOZUBO3298Nh9Fu68=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>DBTNly3L+0ainifoLsZF4Kbm98xVHPGdhOApJbKUhET5KCKYXEhBbbimw/Mn4fVwZCMgGwCGj5MroXkgjvs2vrurDDMPdC8cKdOPphKtokTQH0fr7Bt+CjUPft2tW4o6TmhcyY7L1O8dP8HPqxv7GhmjfYd/HPJvK4UoO/ZT53i28H1FPHSxudipXo69c310wbdjoG85eaBATowLZ2M+NtWl5j0hIubIRlw4gtA+/9Ocsfrfs/UPkKAb3zPP4Y+FjGyz38coMhydrgMZOQse3eDehffDuE2Je0JbmwgDRHl79f1MtZzesTHcURd2tvHJsY/8wbcVvzHYNz3mU8fbGQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxwyChGxuAbHrSy5LU6lhYlaQBd8UX8s8frZZX07DJ9oUO0/ixeYyaKVuRWHHKDbvAhLXXsQG5AKZNyQgncKdXE+jwjmrdRZ7Jbf6hCWbh5OhvR8dXK0Z+2DZoQHbjfWvyeTFbyat1xKDNbMct7igKXNDATiBriFupmgkBZGIsL9UJ0boyx2yhLfMaqhtK</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-4955690b636f5e7f72b847236a5562e72953d7b8"
                    NotOnOrAfter="2021-04-17T02:16:37.179Z" Recipient="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:11:37.176Z" NotOnOrAfter="2021-04-17T02:16:37.176Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:11:35.168Z" SessionIndex="_efa6fb0bbcd24fb676784f1711fcb952">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:11:37,184 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-04-17 02:11:37,184 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs
2021-04-17 02:11:37,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_71f354f91656ce27e0de3959c6aa3a5f"
2021-04-17 02:11:37,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _71f354f91656ce27e0de3959c6aa3a5f and Element was [saml2p:Response: null]
2021-04-17 02:11:37,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_71f354f91656ce27e0de3959c6aa3a5f"
2021-04-17 02:11:37,185 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _71f354f91656ce27e0de3959c6aa3a5f and Element was [saml2p:Response: null]
2021-04-17 02:11:37,186 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:11:37,186 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.109.56.122&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;TestIdentityProvidersCRUD1&#x2f;saml&#x2f;acs'
2021-04-17 02:11:37,186 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:11:37,187 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '8-KKKwwzdahmF4MpnZtoLvN53yM5Sk8wminBX4e8eAD6OINnhFXIFKpd', encoded as '8-KKKwwzdahmF4MpnZtoLvN53yM5Sk8wminBX4e8eAD6OINnhFXIFKpd'
2021-04-17 02:11:37,188 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/acs"
    ID="_71f354f91656ce27e0de3959c6aa3a5f"
    InResponseTo="id-4955690b636f5e7f72b847236a5562e72953d7b8"
    IssueInstant="2021-04-17T02:11:37.176Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_71f354f91656ce27e0de3959c6aa3a5f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Z/Vl2ruVeZ01bnTym0skWx//l2PhWhjBRxez0RA5Y+A=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>IPzEoly6ujIraj+mjDeJ5omkgQKadMWgvU4MiGdTaQSHmVHm9tWFK4pSeuHpiM4UD48fxmY0rvlnapcoUeg9PBElbXdZH8zbPrAPMm/fnE/b7IR+vmptrM9mUrnvOx8pUpFoD0hKRoWaDikZH1BfmkRFcsry0YEnMidDW6IesAsE+xAWHNvQIKXhkv2oct2Q4swuVG3BX0+5fm6W9Nk+fMS1Pr6jFQTQZnRKhyonjSO2jSZzoFhEYOz55vo0EVg1PisTt3E6BUoz79kM2I4x/ZUBY+ST3JOn1BRyYjVG4pxlYQ9Q6PXqPYmVo7Mnu0O4UULd+ad8Sr3BTxS2B9o71Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_299c2c9a210a4c4fef7871b33ea4d393"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_302f1f7de9ee2f448cc84259ff20d1e0"
                    Recipient="http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUJODDJX5TK4ZO6M+unfDgdPNllK4wDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA0MTcwMjA0NTZaFw0yMjA0MTcwMjA0NTZaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDZbqHv+e9XLFsKv641AV49nR+Fu5nb/tw7VRqEqtI7iWot/AxNaWJC8HGgDRRpa4RLTUGzIjTm
+v5x/BuaNOvaW4KsQM5hzYmizMMMCtEqlAnBQtZsdU4ie2uIxkMTMbeDeBliH04xMvpskwMcNBYs
pQ/enJvFBSOyX7+wRPwOjKUgmFFjeWbqVMygt7OAj+XqIk0fmHSBiMf6kedfT7WEMKLfNQ/3/bfg
DzxyOqPYF8SPYS4BTTtW55zC816+9u/NtYgrPVk11QSyWHShv4r/j+D//tWgwRzUDW5NYCJZKZIT
rIOM3yd0yTaVCzXIK5acZWcjNzbMutDqAS+FzlgfAgMBAAGjUzBRMB0GA1UdDgQWBBRuwY8mcMFm
kWV1C5KyLkqNB1clrDAfBgNVHSMEGDAWgBRuwY8mcMFmkWV1C5KyLkqNB1clrDAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCSlEopFeuGZzOUugunNW0bYFRKnOs/6bT7fVDSFA30
CyzZgjqG+FZpif8UvEHXstJ9N5TKfT9CtbJms3zbeTX8L4PfNVmBkwOMLfzAUoarHKJ+ExsD2WOD
Zt++QS/Vz9KjvIWuDvZ3awFdXijDYa0Wfm4UboVGppbiRX63NHF10r8FUB6MEcZ97bAtQMOkIEy2
FERjqUMqHchqdUuEqmS/wj2DfJVXzsDAuK0QMZDX6DrpYnpd696xwLYM/CKC9I9aKtWCMNNdgdMQ
SH66Ot2iwMCNjc3ACP6FjVt63NUQ1TqObCIGnIyCxsyfH8oDHqjWJC4HC/o+7ojMeUqXSGMS</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WSLva74TljGEWuhvNBNuO+Tw9kHgljm5brFfLBv+DGTz4d7OgDgk7pH19Kdj6LwT2vSROkxcqa5pvS+V2ZhJQgQAors69/Kcy2BVcNbcRgkjMQ+euKQS3uU6EH1wo0lDwNleoJWo+VgVrNDQqg3aKxaEh/tr9lRdRsSPBMj3HHGc1yFrhhkmfqufFkNF06tzGqKD6+qfqcjCjQzoVPmNDIXdIyId4sD6vAZlh3YNIQsWKnTRf32cWF4whGH7ORCi1PzMImh9B00JF2eZAPGHnYUb6rGjWMDV2808i2ubXbWfIORvmNn8IDQXtX3RH6LKFDZH9jHV8nd2T2mO8mfRFg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>p0IStJCC2UL9cFPdrolTHXXUKScY0ggvz5CINYok4a4UEC1iVpAVpwIdmj9FQFVHrl04lG0GwF537ZHo7EKnoLqNLanKvKVtnchsWWKYBlqqQUN0WjvqvEzeexNxRU8x5nLvoA6Grc8KjUlHj6tW+TrhODpl3csWJdw4xA0hK1Maa5L8pxQI2V8UF+lC892BGcrrmtnLwmqxFCKua9QT05tqH4PJUSJLMxrZSeyjkC7/BeCln2f2zL91ZzZsUI9GG6Feq4dXv/um5IFZvkKvJohggu/zxMMaAwh/xThaxDA2R4zbKzK+8HP2C01NBBSe0e+qn8RY4R8MlttYhjB8Wu+DoPm24dHjLzYSdI7qG/c2Q8hpAUqdINNWTJRPx4hwF0bYIo3iXgq1qvuIeebiEqAyx0ywnAsyMoFaTqbqBnXM/d74N4eVlXNV4Pux++U3//LccS4R/mwTnllN9J6frfQB2RfYbCOc5t02D35ZNeWhntUUDiMfRRPvCr2xykwIx9dMLNUipaUcIILrjwFZs7icajXPdGn7IiyToFatjIgXGbAqddrcMKjSYmO0Bs/MdTZ0WlrU4aS4unUtsdWD57g1FMX6KnS3g4c8vpllzIsio9ceQ45wY37iQ62hX2yuBl9eXCysGDpBVqbsLikfL86kdLMwTxMQ/g8fJIzd4PSs0+hp1Y1VQ2zTxGnwseb+3ij+miCfSJ9cbkjZBInPrYlwTofyyl2cA7Ute/PzD3tBsscywWJRjX8WRVEpd+/86MNGOqX+YMHaJ2+3nxXVJ5Rlchdu7HEQpZMvK7JGz6fmWGNCFPilM6f3HngLH+UtQpbYSxy32pBiZaerq6pchjgx4I2QdLyoklNyx9Z//9u7ZXj6k/KTfolz8nYPtTWlVKdLqulAfGdjit6BWR/VVsliw3qe/mGvqtk6HGJzIQ2skznZddDFhgdtYMn1f3XOZTigk4SoABTtC29+sKqlbaB9aUHrFyD/FnpOH9u4llfsOLbQNjm3SPs7bPArpB8uVRalTUVgvsmNPLFsW27pX3OcQiwizjO89qNLO37r+IH+6Cg9WRuqJIY31+0MhynnoYGWHKD9zS4Fp7XYiF12E6tEqiqeD2DE7Y4i2BjtO7ZJnaSVDApSFGeyfIbPfTF6Iq6eGzVaNZnATbzWCpoB69jpCfOmFBfCnzUJuy/T+E7rD9YJ2AS0EUPhRo+bBNWZAEf35r4qBo7HfaAnXH8usO09uvXYdIuEc3hqllFf8WEc35R8NGE0KO1gxu2B1UKTVmzEBjvMuSNgVg4ljuWGFuhWqKAeAXZSScMK1h1ixBuBl5ggb/xwhmKn3wlau+qnR5o+GzTWKI4QAv+TzgiWyi52ZuT3OJI1gZAR4q8rIm+sWTfxyKXmyeaGv8qLloyb/kDZule1a9nYVCrEy5n8+s71+LNSBGyl1iDC9GKg19m8+/NV28r3uggMEuc2uLGhDe8n/Ihyk80QOWwqTn+BnLE4cHXvOAUzwUX0d5Snup8ihdFI2EC+QIXNnipP3gJJvKCKsKxaKSIp8Xful1HS9pxQJuM42LDG9AbagmtBEClozAGJ9vNAPApbF5dGC66932QPxZXpZ6e6xj7ZUuOXX40L7kPRFtmRLDU/vitBtHrSk5Pa88uAX/1evB9uWBKfZTLFDrArMSEnyaRgTvKOC2Wrcfy5IOX8iTgvIxBJ7rbXU5tHFuuHJb0uHcFfqfsBYRT8g6SzbNvrBy1KWeLiPUWRrHxZ4EW34A5gD9IP9IV19Yb7rwc6HlN0jITUDHqwLobYnSRQjYs0fVNKI36OgBfKiJiV+L4B3nHiV+dKdWP6M0GQsP/FB36q7cBb+wWRpDufdzMluRDEBOWz4/cQgl5gDOXNyPsuCWkcvGtdpybM8jXvY7Wjn0mi+QlSYE0I1oJUQ6YV7vw7yauKgXUi14I+avUWLOjltqBrCOxQMLf/Spu7zRr0Xbljno1PEXaRTqsygxQrSumDN0RQQFhA01jfahnPUIe3rFHi3mwrQqhSLpvTc+iYhtvs48Be3LmT+0dp7611b+kiIbnmFNfrt4JGofH9txjNIR10wjzuO421c9yg9FvB30HMJ3Dc72WrCdsjU9eFRii+F8b6u1350FLtfJkb2CfW+ORdEd5UhScFOPAKRUpoNZlHYJnO0pJzDlZYJxpGwk72GBtLK1+tA5kSWRUaI3xXSpqD4s4hD6DS15VvpsegYiVkGNPhPucBOIoQFZiLquI0jI2waqoYB+SqNd7ps8PnzI7lauyZQ2ptHo/Jj2eGwfEisFva2C74K3qUSKMczVsVH38sg55AWmrE+0kCGZpgMONum3cyPnLAkol8ySAcBC6PuLkobP6Cx+WlRP7Wv9u36BhJ2YFOHWT+6G8iQbnQ7OSFis2L4RxkeNCnG/mCh04Xb4WEvkK+FrThcaHtGTIQb26CF/qqmo20+88Sll/rePABlNXdGut0FTMO4S8C/JAqlQ+9BHgO9m5b45oEbEyrzIfsPcatrp/vv9zXnmlq3deu1xdXf6E76nxxb4U1vNzH1/MyGglUoFOFqzdN5UVhX508T2Glni5KuP5fhQ9pZDcB7ckaJlvhhGQbwcPhNzXjI1P2JQL0nMIz9gevqaQq+EQRQYej1xleYsubgBUpYB2YpjUqQimB878Muay6I9+/q1Hfj8Y8OSe9H4uShZtVrhuu5eKpEXL4OD0Jo70NoOTVtLM9YNj6d78nK/VroXnOYUAP9SCDgmZzGwcFHyG5xEEMcIDymWLNVi4HZ2yJDVNSkr0n0Yn9rISrYlWzv6J4/kFC51Kt0E1CFjpcGP1ElMf4i9cGVTMmKbM5mcr1HBAatDurcBK4SyKAfL7cNsOmySNn3GOIzYpDYDYEt2hUA/H9Qe1m8nzgbkA7iNGFJh27T1SYFsk8MkFCPMa/XGGdbW0uXWqu0qO7uYnfcNs3VR4Eqv++x0zOj52UH9iXVL1pzCvBN1XRMgrEBUj8Llp8KqilvJBmaTvlaKmNx4VSJowhNakQpHstg0q//sLFXTJA8gG2Q0mL7O0ZecQ8AqYbM/T/pWxA9W4cSzeu/s0jkX5UymZbJ0e6YANGrfJoMlLNotRJm0ngqPMM3HBLy085cRZlotXgUggNen+fvYfwdls4HZSNrw+ttzDmQeByFT3s0jOXYx7QYBy+RFOjobwcbGyGo3tGCXLghJJZSmLnkMi8B85M9SImbshFH3AXzpiBimHUZS9aLzSTOukz9ww8pXf9TqmIq5PRJlk6meLumGzh0BHuY4l5zhwi7X+GNZE4lp0xjg6trbc+Hpdce/xffFNqnyQivspUs9PtHgbwbyZdEH+dxUopknJMSAY1k7PjNXYRjlhCihf/ul0Xp/Nx4GaC/eT9MS3LZ1SmfaGRaLC53Va0LsmupLRNvN7sGkPWvuNzpff7vnNDb3B9qhiJbwEhns9HJBGt5plRX8ppNL6y6nf0b3hz+yAUARZeQaRsEw91cvRcDTACeyLy2+Bd/XR9shesWMHhCXp4hDD1XCQIp06p3LrHoD226oZGXRsDaTaOpbJeYW6v521eUhb+hR+hMOlPbxz9ldzaC3WwUzuQ0oqFNuAyFbovmMe/DBhr+FCXjDtwwlv5+44wqCO0pnHshW3P6XlfDZQAD7CqBavj1zFyJWun8o58/3IKQLf2pwjkgcvMHr77WdDLILTwcsmOYAU5DKI/Hn6tg87VTar9x1xm27f7L9yKNi7czkWsuh/unP3rwJmAOm0HV9DaEffuuE6ZaM2NhFvuWkAphvKcnLuEE0hTNKGBhZEFmxQsokFixY8JIK/RWmQyyJYPI+flcXA+lYm81Tv9Loq38XtPDtM4pFwgKqO4FfXmiQ1/G7rju50+ecS5q24hj3c3qhRRbDoRM65ZnwSLA41jJQEVpAbzj65zcV+nPp9OJeDqTIbMr2TdFkl4kHe3OYsxE3mVC0EkrARB2k76ctnkyWMsxYxCSl6Nc4bz2Uk3tRVXfWiqH7nfoGOHp4Gmqi7UC2wqP7w0MWwn2jVKhikytlDdp5X9XsZEQOym86flSDfgPnxweDTNwCx3LqOm2pPJfUGEyfA8IQmFJUebMMCfou44itJFSsPHKJV1zbjmgQkBEXl75quZ59OcZo5zDw3OatjuK7qQnaJG2+1OjeyXH9JwiZ1vVpbiaFM0b9Bh8ZotgtsBWF8pNnUUE6L6iiBNZ9/S2wgICKDxCLcU18BswnyxEw9BCa19yWKswTlrY6gA4m/Lw1c86jzEKBw2Lr7QxbP0OMutsTV293nPkCD/CkGSfiQzbiV4Cdmuf4JhjBVt6WP5qcKTdJpWMEhZFnP+/EjxsL4qxk5xKkj8nUo34zZzbJxgN3RHzc6YxBh3P1NzzcIVaqumZfNBtuxJEunffc19r7+hQBKIxpGIuG0MQEtzV7Rm5KeF+SCuifVmXT/AoqT0buE8yl0MYm4+OebngygAiZB+Zmwpxk0cnBGHRog5tT4jw2Ke6kUpdJM127T6P+kyOWmaTbqtWfJ8ssp8YYmL4GXSXbU3/vYDgTUraBK0ehXdd28bP6AImpU9j+mAab0Rp1Tb+W9j9Ajk5xhWI9bZVnR1JT3hABX6S/jNkPvFZdSKjYsI6K47HstS0P9MiTiOukVj7ToLgsHouhRNDk/okBCXeL5z4TEe/GPcJPmnSScT81N3zPPYAzcVQcRNGOJwJR8obwCEiDUEZQ24MRuNXvlo9TeGQtHRyZ5dNdWxAwhjd6CtWQSwc0IUiQY6gYZcickfrrx9bGlkU2A+9o6YT9RqTdOsS6Ltq4sZ7Z5bPC3NKA65tDILxpCg+RFdVn4pIM3FcljhcWZYplpEzHEjeRDtIzDAJDdkKQQm5GOysnhAcL9ktR3dqmYsXi2D2gPpQcEq4jU2taqAeYR095OuLKFlra35ZoggauNu/5wHKtwzwWt7Wb1gSghncFYm6cqwU+r8voB8g18lPLPGZUd3AD+FxyuXKhWBAsqRnWLSmX6E4tNXD1lsGWDmX1bvq3AqwLsWMlTyXf17aSA9h30ofx7kWXKHx/SbQrIOIvGGATY40wdCOrXdH5tcjbLxL7v6/VNYDfDuzntJh6gTiBR3dYBtxDod5NWUz5uk+GvAqddb2S/Jo4LbOMZJjOseqXRHADmVUQzTFq4ODib3Kdgb+1i61f7t2S8xwUNrP4+OSPb1O9uCj489eTZK1mbTONwH3RIisR7cK5qtRmpQMQBdizQq9tkv3bqqo7rDJ/JDrSTOenIAvg5X4nkK8OAXsFZ7uDKbVXBd0k1O95r+x6vEyKXBsWXU+O/nWsxM9NkKlL1Ma656ooOBgACT14yl5TpzhWpv1rM13ReTzfGsSleYJpjtQVWGIcI8dEb3AD9zm9Wwo69EPT+H9PPf21asUH/6T2njBzftTZ8Bcjp3DaBJhEJ0HtX6Kcw/rngTVac/u+WKWR2zrENGPOgAtQchILiUtpOTABqguKMafDENaFf+QlpOoXGxTUd6yZfICYtpd+qP4ldT7e7QNH5vs100hj0laYuNnLZz45a2dPU+ZnqJZy2W8VOUpa8L9kbRBV++IcGpu7ynw2W/ncyZscCXuKdKcLgzpoGKLJO5dmpoJcmnQcrMA/uLNIQoId4zFMNeZQ5Ovaj2tlGeyNXt1sZSaMrEkTta9Pfsq2EFwS5hZoG6pjwz3XfvVbAZZVRoCF8zlHrbA1f4EREP7dbJ4zz+57Js71E/6zvGTxh2zKO0V6ybT/eg8iUHu/6EuccbIS99SNltw7e6l8Nns4lMTo8kaU8jSGj4NlMhLYBcq0mVRcYCuZxEV2yEhKfIasD2uje9fU30H8sxPvQkJRZyArWbjp+qjzKPclaDUvZ7g7RulSvx7iV7LT96LSf4aEPDnafsh4hmYBpgyF5GEtdMlnkx3TjNtbr3yJo7EGfgNdxANfUhsmCCMPLBTbk6hUjNkPMeAX3SldPnB4Bfj2us+AVrrbzNy661J19exxB8+V1q9njxLBamLny8q9JtseVo7Tg/2x576l6kjKXhe1FsBNDCaCLywXuBdiOxmJo44agXo47CqwFoA3z9jAOeeXQ5PZEXsNxc0zJ5hOjetsN1m5HvEnfaiyrYndOqp1I6Xi73H1YQP34a6gVXU6Lbea2nh8mlXcLjNjhu/bgp4bSCrqsRk/LzFQYlQ3/NyIwRaNW2EYehkpAeWqJEzD+Bt+HsUm0SGLMqUP6pIlvcgzY1jA8Ujyy6mmFeqDZ3QbTgwO8L9krdVtsyZqFYpgru+tXo6ffmZtTPvo/3/GYrzX99y2a9ER8KLEonCLZ21MchEzdhPT95nQp65a43MoIYQ56AMPUqz+YFOFDI2kQAy+yQpX3w1Hh0Mdib2rQKf/hTsOVmuSIouQbwFofME7IOcYA7speyq4M3mSiknUBTThOSUTXXOX5FxmRMcBSl45P35XnAfjyLXAQgbRJscRyJP+9mnGapc9lwDLMVj78+FyoLl9e/Jbsvf4AL7Sy/GjMEdPlTBQR30OTN+2C1bKfDgLxF414+MtF1UHLZ/2dmM8tDxQ1KVnYcjD5wL+GclrMC8GFWivcJ9+TiPsM5gRo5jY+byi887uogGVQS3J1hbHPk3WHXnh/Vd7XNj/b8yM3gO0vr3zEUGq+gAFY94mdJQ26BvTVkKwFpec/gXW4I4VAFG7hwQxQtH8Ovmm/PLhYCLX683dj5nXife6Tk5w9sw1CAQ4WfBOwSeHqyeGmBvHBz+/1FjKKh4qq+wfTxozAet5hN54/OK4CG11aS6GHdMlZPIHvhHIb2ozTCmUI8gPQPU8r6muMIigf9WolYDx4CHbGX6bdABqt9L9YsxYadKSl9iN4HArbs8iKs2IARd2pRb6jgX/yTcRQcvv37lFPhMBLDn4VXI8Th2lHAqDOKe4HOD4b0RfS/mjq44WXvcRKPgJpqt18ZQoC8O9B55pjpBCNDKYssRnh6c/wwJT8IHYVqY7J/mfqEOVgu5e5/fOMLKhnw4TYnpGuiITpl8Ne69LzMPKiGF6YI1aNRu0zOHRNZdwFkXRATz91lIefk6v0Dlh0InEYsJiVzeg4B1jKjTfvzngO4AG9RjjP+ZnOsDJnitpJhN9RWWnpxcWvOaeoVVwKP0sg8Qv4aeT8CQpVWobQQBPydLsQx1NXpn0UIIX9p405VCU2UAFueieXwvjPKK1KljwOKPdxGjUOqet0W/294gg9IQqzs+5COTBfNagbl3Vo8wtbIlPrEu/0B1QXpWeIIi12aogblglkEun21aBSkhMK+I08YDMCrsIFy+vbnwBXdG0nxTRDIj/XVce8FmOmUgcuVaLE/gWaXsE1DYNATx4E1r2of+ThJhvxHaZnAAEWRarZB018Vqs+KyqYgUkgrOpKEL/1sP1ggmmhmNrfWR3opX79E+yvcE7NMTI+ootmgeIL2q0HKoI4i8aPTS3KyTuJqQGEvQfDchshGv/iiU7wvCX/wzB+LwjwQ55PUUCPuHCbJ/R5oIOK/ifvieFvyvC+h+qT1k0g67bY3Nux867u9l9VkzNjPbGPbnVvv0eD3HiWwxw1RueaQ0Wako1uqoP8ed8LJWcRBQ0CwwdlqXa2O/St/nBVKyMGG2go83LORF6rVCzEKR6u/+n5AXzmqzAyYZWlbxFU92YHGn4NqUG7XiEuRNBiNxaXhPTY5hfjYk1Jde4Uq2Qax3rUGrd0IOfoXIDFjwRF0b2An47YcGzcj78iaof4P2pF2ZvdCDEYFVgVL/s8HS+Epq6UIL5g4A+QXFUZuuRakZt6be8J9XYvGvzv+NjJwPVAAsMRB3gZ2qTDMD3qdl3Km4ne5852ULlX2/bydfKBAHmeifHaJDcS35BkqOlw9Kjs7nvuysLM54qjfjKRIDjuuws3QDASXHH+CAOe3O32fRKMm5hJzamw6V+C/sFMaY5sR6KLq/i4m9OkMQF+L8Fs0emeRl0D/yOBOXD423PYFuSUhj38yGLObZ/TtRfwmlfCUO603ZWo3TB7gPq7WanV/6cPbosionKFPgq1iaAsYqyC9KwVyHLKXvXB7xg4Jog/85/AeJ5gGpvV1Mw8SVAQQk3eoeqrgBqJgvy8shlMjV0DjA26S/6H7YoFVSTw5CTGrEuELEK6St1fV9i4Js3/srodl4P7ez/4H41IHSWeOBtqRAbfKkQmmMi2GAfei94k5GzJ7Rqn5JH1s2MdSwreCApCV/mwiOpczDyl/A01td06IjTMRwZ95xhDSBVcrnx6dbEXdrQRSA+NUpJOy/YM1i3yjCB750mhIkUNxQbatSxERWVd7AQdNiV17965x9DyrmEUarInn0ouvoY2Yre1ixe+u+fLkaL7AMj79XZ8DF1U/5CojW1oU2Ebw6vOKdbIlPl9Evko7XSKXOsXPBxI1PI2uo1zr5kIrJCi5Hm/emu8nKzcyTD4oCFYcaKqrtMTCq/ujxKvsaDIk5+tA/d5U4LYbVv9SkfD00NNWYOUKxUmYbJPnSFoS88RTj5PjfXc/QP6jsaoCzWJMmA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-04-17 02:11:37,188 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:11:37,188 - INFO [Shibboleth-Audit.SSO:?] - 20210417T021137Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-4955690b636f5e7f72b847236a5562e72953d7b8|http://10.109.56.122:8000/v2/sso/saml/TestIdentityProvidersCRUD1/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_71f354f91656ce27e0de3959c6aa3a5f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxwyChGxuAbHrSy5LU6lhYlaQBd8UX8s8frZZX07DJ9oUO0/ixeYyaKVuRWHHKDbvAhLXXsQG5AKZNyQgncKdXE+jwjmrdRZ7Jbf6hCWbh5OhvR8dXK0Z+2DZoQHbjfWvyeTFbyat1xKDNbMct7igKXNDATiBriFupmgkBZGIsL9UJ0boyx2yhLfMaqhtK|_400dbb5f26b2d24a4ebbb2000ddf40fc|
2021-04-17 02:11:45,296 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: 3a21ALA8N5ACE_KjVun1tVXYL4SHexY6gvnkxgZb8ujUj6ghbzIBEN4Q
2021-04-17 02:11:45,296 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:11:45,296 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:11:45,296 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-9c0ed176ff8204899a87bb08b4ff2857d869de16"
    IssueInstant="2021-04-17T02:11:45.252Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-04-17 02:11:45,303 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata' from origin source
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:11:45,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:11:45,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:45,303 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-9c0ed176ff8204899a87bb08b4ff2857d869de16', issue instant '2021-04-17T02:11:45.252Z', entityID 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata' does not require AuthnRequests to be signed
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:11:45,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:11:45,305 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:11:45,305 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:45,305 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:11:45,305 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:11:45,305 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:45,305 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:11:45,306 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-04-17 02:11:45,306 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-04-17 02:11:45,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:11:45,309 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:11:45.310Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:11:45,310 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:11:45,311 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:11:45,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:45,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:45,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:45,563 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: vAHpmsSOsUGbhp30wYfzQ4nzT2Cp4fxWlpux8mVoYVw_xale0xOq4ASJ
2021-04-17 02:11:45,563 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:11:45,563 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:11:45,564 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8"
    IssueInstant="2021-04-17T02:11:45.517Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:11:45,564 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:11:45,564 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:45,565 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8', issue instant '2021-04-17T02:11:45.517Z', entityID 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata' does not require AuthnRequests to be signed
2021-04-17 02:11:45,565 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:11:45,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:11:45,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:11:45,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:11:45,566 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:11:45,566 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,566 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:11:45,566 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:11:45,566 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:11:45,566 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-04-17 02:11:45,567 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2021-04-17 02:11:45,567 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:11:45,568 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:11:45,569 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:11:45.569Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:11:45,569 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:11:45,569 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:11:45,569 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:11:45,570 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:11:45,666 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:45,666 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:45,666 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:48,624 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-04-17 02:11:48,625 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:11:48,625 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1231200513::identifier=rick, context=org.apache.velocity.VelocityContext@33c0efc7]
2021-04-17 02:11:48,634 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1231200513::identifier=rick, context=org.apache.velocity.VelocityContext@33c0efc7]
2021-04-17 02:11:48,634 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:11:48,634 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f07bd01938f148c604a25c0b5490ab3c7396c02c6a330d2081c0726347d353c0 for principal rick
2021-04-17 02:11:48,635 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f07bd01938f148c604a25c0b5490ab3c7396c02c6a330d2081c0726347d353c0
2021-04-17 02:11:48,636 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:11:48,637 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@239ab5d2'
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:48,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:48,639 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:48,639 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:11:48,639 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:11:48,639 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:11:48,639 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '10.109.56.122'
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:11:48,731 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:11:50,661 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T021150Z|http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1650161510661}'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata]' as '["rick:http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata"]'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@239ab5d2'
2021-04-17 02:11:50,661 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:11:50,662 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:11:50,662 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:11:50,663 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:11:50,663 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _bd020724ef85b00c5f6bd382beaf5d5d
2021-04-17 02:11:50,663 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _bd020724ef85b00c5f6bd382beaf5d5d to Response _c6eae1ed3b98d6cbda6591cf180b7c58
2021-04-17 02:11:50,663 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _bd020724ef85b00c5f6bd382beaf5d5d
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:11:50,664 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxYNDCvpZDPEGjXqd5MlVVkgcajGawhgb+KfstHqVQ8VUNj8WJ6k4gcecMrN5wzNVQEpiEGu8h5D9WtThPZocu3Fw1Aw5XBqrXHnUp0bfBpbKuO3859ltmoLpQbqtLGBdp9P4y2fC5054BWlHk6kvhtXWMlPOD/4bDW6JZ+lU/yXAZYNsBsLjdjQ4urWBoyw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 38.65.13.219
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _bd020724ef85b00c5f6bd382beaf5d5d
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _bd020724ef85b00c5f6bd382beaf5d5d did not already contain Conditions, one was added
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:16:50.662Z, to Assertion _bd020724ef85b00c5f6bd382beaf5d5d
2021-04-17 02:11:50,666 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _bd020724ef85b00c5f6bd382beaf5d5d already contained Conditions, nothing was done
2021-04-17 02:11:50,667 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:11:50,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _bd020724ef85b00c5f6bd382beaf5d5d already contained Conditions, nothing was done
2021-04-17 02:11:50,667 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:11:50,667 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata as an Audience of the AudienceRestriction
2021-04-17 02:11:50,667 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _bd020724ef85b00c5f6bd382beaf5d5d
2021-04-17 02:11:50,667 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata to existing session f07bd01938f148c604a25c0b5490ab3c7396c02c6a330d2081c0726347d353c0
2021-04-17 02:11:50,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata in session f07bd01938f148c604a25c0b5490ab3c7396c02c6a330d2081c0726347d353c0
2021-04-17 02:11:50,667 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:11:50,668 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata and key AAdzZWNyZXQxYNDCvpZDPEGjXqd5MlVVkgcajGawhgb+KfstHqVQ8VUNj8WJ6k4gcecMrN5wzNVQEpiEGu8h5D9WtThPZocu3Fw1Aw5XBqrXHnUp0bfBpbKuO3859ltmoLpQbqtLGBdp9P4y2fC5054BWlHk6kvhtXWMlPOD/4bDW6JZ+lU/yXAZYNsBsLjdjQ4urWBoyw==
2021-04-17 02:11:50,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:11:50,668 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:11:50,668 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd020724ef85b00c5f6bd382beaf5d5d"
2021-04-17 02:11:50,668 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd020724ef85b00c5f6bd382beaf5d5d and Element was [saml2:Assertion: null]
2021-04-17 02:11:50,668 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd020724ef85b00c5f6bd382beaf5d5d"
2021-04-17 02:11:50,668 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd020724ef85b00c5f6bd382beaf5d5d and Element was [saml2:Assertion: null]
2021-04-17 02:11:50,670 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c6eae1ed3b98d6cbda6591cf180b7c58"
    InResponseTo="id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8"
    IssueInstant="2021-04-17T02:11:50.662Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_bd020724ef85b00c5f6bd382beaf5d5d"
        IssueInstant="2021-04-17T02:11:50.662Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_bd020724ef85b00c5f6bd382beaf5d5d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>61DxBMcga0DUEO/yTR1XLmdkiwGWkG9Y893w74hQqa8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>jf470EQjIZrWt8TlB89rtTPIqcXZ+2dTPvF/PIaLwX425x5oB67YhRyno+KmiVFLzaNENou1ihPFRNlhPKzZj9JWZaYkoqfSzSUDf/s1KVCGxSZsj6jYvM+ZJ29Iq+dSOLfty3Qsti0O/hQ2rr/GmppHRw+RuNpBnVMAzSUJ1imjhPM0CJpBs8VUN+aGAt5CL9OHprV6srgBQlBBjLIa0u6aHdWZxw0ZppVHs6Vuy3bgnCjw9LgD7WhDO0xiplzMg20K2wLMMQ2u6taYkmnVkNDKueWMEKsK2tuQGrDfZ1ZGb/i30YennXCcI4yzPQwUZy6LAUU+b2vYpquj9Gk/Qg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxYNDCvpZDPEGjXqd5MlVVkgcajGawhgb+KfstHqVQ8VUNj8WJ6k4gcecMrN5wzNVQEpiEGu8h5D9WtThPZocu3Fw1Aw5XBqrXHnUp0bfBpbKuO3859ltmoLpQbqtLGBdp9P4y2fC5054BWlHk6kvhtXWMlPOD/4bDW6JZ+lU/yXAZYNsBsLjdjQ4urWBoyw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="38.65.13.219"
                    InResponseTo="id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8"
                    NotOnOrAfter="2021-04-17T02:16:50.666Z" Recipient="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:11:50.662Z" NotOnOrAfter="2021-04-17T02:16:50.662Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:11:48.634Z" SessionIndex="_9c723b7837c4b24f7278595f033a52b4">
            <saml2:SubjectLocality Address="38.65.13.219"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:11:50,672 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs
2021-04-17 02:11:50,672 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs
2021-04-17 02:11:50,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6eae1ed3b98d6cbda6591cf180b7c58"
2021-04-17 02:11:50,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6eae1ed3b98d6cbda6591cf180b7c58 and Element was [saml2p:Response: null]
2021-04-17 02:11:50,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6eae1ed3b98d6cbda6591cf180b7c58"
2021-04-17 02:11:50,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6eae1ed3b98d6cbda6591cf180b7c58 and Element was [saml2p:Response: null]
2021-04-17 02:11:50,674 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:11:50,674 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;10.109.56.122&#x3a;8000&#x2f;v2&#x2f;sso&#x2f;saml&#x2f;cdpidp-qzn240b8ei5wrrvyjtqz&#x2f;saml&#x2f;acs'
2021-04-17 02:11:50,674 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:11:50,675 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'vAHpmsSOsUGbhp30wYfzQ4nzT2Cp4fxWlpux8mVoYVw_xale0xOq4ASJ', encoded as 'vAHpmsSOsUGbhp30wYfzQ4nzT2Cp4fxWlpux8mVoYVw_xale0xOq4ASJ'
2021-04-17 02:11:50,676 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/acs"
    ID="_c6eae1ed3b98d6cbda6591cf180b7c58"
    InResponseTo="id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8"
    IssueInstant="2021-04-17T02:11:50.662Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c6eae1ed3b98d6cbda6591cf180b7c58">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>YxxKGeVse2WcRT9Xcn9g2gkybAaYBzqdH/su+UZElzU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jbvc/Pl0Y7rhe3fWnV1h/8I43hO/vLjc2THSpPUCt+496qF/CZKfCmsBBMXldJgWdKzKa72fAohqv1YMDIepYDtaEk5sfZSSjG+6EDnEqznip4/GtNtMaB8Kz7pEHMwvgW/c8Hvxr/g86sXbgylmxqDUTCu9xDyQCZF7NAu7fOtPb8WM5hLmkQKqB5/JMaOWWsiTXbhsLn26Sr2kAbg3OldL/k8BGJinhjkcjU0Hkju46HtEccK71SiOjrMvTarl14BxAQ+FR8HVFdmlbcLFkH/BkNvKOgf6yfx4oweJavjiCiFSm76zh8QvFJp/whRAm7AaCs10RPxwJjJVQoQWdA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_81f4895ba36f984c240435524081da0d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_960419c40d34f9c8f051b110bb0b4963"
                    Recipient="http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDFzCCAf+gAwIBAgIUJODDJX5TK4ZO6M+unfDgdPNllK4wDQYJKoZIhvcNAQELBQAwGzEZMBcG
A1UEAwwQYXBpLmNsYXJpZmFpLmNvbTAeFw0yMTA0MTcwMjA0NTZaFw0yMjA0MTcwMjA0NTZaMBsx
GTAXBgNVBAMMEGFwaS5jbGFyaWZhaS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDZbqHv+e9XLFsKv641AV49nR+Fu5nb/tw7VRqEqtI7iWot/AxNaWJC8HGgDRRpa4RLTUGzIjTm
+v5x/BuaNOvaW4KsQM5hzYmizMMMCtEqlAnBQtZsdU4ie2uIxkMTMbeDeBliH04xMvpskwMcNBYs
pQ/enJvFBSOyX7+wRPwOjKUgmFFjeWbqVMygt7OAj+XqIk0fmHSBiMf6kedfT7WEMKLfNQ/3/bfg
DzxyOqPYF8SPYS4BTTtW55zC816+9u/NtYgrPVk11QSyWHShv4r/j+D//tWgwRzUDW5NYCJZKZIT
rIOM3yd0yTaVCzXIK5acZWcjNzbMutDqAS+FzlgfAgMBAAGjUzBRMB0GA1UdDgQWBBRuwY8mcMFm
kWV1C5KyLkqNB1clrDAfBgNVHSMEGDAWgBRuwY8mcMFmkWV1C5KyLkqNB1clrDAPBgNVHRMBAf8E
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQCSlEopFeuGZzOUugunNW0bYFRKnOs/6bT7fVDSFA30
CyzZgjqG+FZpif8UvEHXstJ9N5TKfT9CtbJms3zbeTX8L4PfNVmBkwOMLfzAUoarHKJ+ExsD2WOD
Zt++QS/Vz9KjvIWuDvZ3awFdXijDYa0Wfm4UboVGppbiRX63NHF10r8FUB6MEcZ97bAtQMOkIEy2
FERjqUMqHchqdUuEqmS/wj2DfJVXzsDAuK0QMZDX6DrpYnpd696xwLYM/CKC9I9aKtWCMNNdgdMQ
SH66Ot2iwMCNjc3ACP6FjVt63NUQ1TqObCIGnIyCxsyfH8oDHqjWJC4HC/o+7ojMeUqXSGMS</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>f1Debn4jG/myn4KQTaLiQckeDo1/ofe7j+aWn+VmYK362nvjWiE2BbiD56bAujWK2nBuS2VGz9gdmCqH13UhwORoAoY6f7jnwiGt8nUKSU9ULZJEURnwnTHDh9TgAOUsHh1APhEfo32hmNqhgxWnHwT2/n7vlrnWf7u6IKsWz9H5m94Dxym5DBBkrwFv6bmZp5whn4Mk4vdwxcbvQ1fWVvY0vZ1WS4mKZ2NkskuS+601tR+VD+To02UDXlqAv9FXdp8CfvQPc0UFgKBByCjTisnkGzk0Hwym3CswsdmysBHbGj5yHj1Ls+Gw9s5W+tYXZbAMA/6KExp6BTAtbVSnkQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>4A+H73CGYQQeZL2yKevPIftrIkXSg6uaGidSA3rdS6bEKfYt8QsLAED8RVfBigSKwhyX3CxRXDfx1nzgkTSbu9XRnM6GVlQ8/Nu/UfDv/USMUM7kGDAuz5EHHrEQFTucAdSubmrjQNPgm68Kg13JgaRXTYdI5qQlvnjnjrspwKkaSUz4d/hMlhO77rsUI/BnvydlbkP0cpS7y26jE3qRhNunmmqwf0nzwtfWxT/LI8jcwmwcJQbDqrCGZRWoHotEl5Qq0O5WllH95kWmXNEePr+xoust3sbRotqFp+EHr4776h0X8D4SUufUl9J54NlE+zCay0fZDdRhTlSzW6W3fvf3ccLjmOm4QaUVCVomdSxX1lDsa2rLggLNPCM6OeWT2ppIE9wUlO3Qhlt4XBPI/PQIaYTTEsiePD6GskR3TkoCA3ChpwKR6ziaDVxezSmIf7c+15RLyH22RD62Ju8RErTHdfQr1tArE9RLxcqNVqWwO44OeEfJJOUDkFhHUvkIantmAO/PaGfSyQoGjrzxFvA2iqANXuyVpl458ccOJyC78EsOnbxIejwzN+//BfxTy4tK/Kt66fP2Uoyyrb8PeUDj9JKHAK/4T1MZHSy150h5sz7tRGnuJL9+3AxjOpQ3ZwBAJadZlkWcRvV4sJsgzwK441tlgZX7RZvpop+yT/iT7dVQrN/nsxUCFmkVkh9Eka+u/8Bzn7gASiOGmKUF0qBLTXP31YflWxgJ805ZvD+nQ1wVKBpz+RCYTqLbEQRHPSwNaINTivl7hzS89WXg2LUC2dv08WMGuxQpwWQIsyMk6JGVTpo/OAe93rBeiLHnTmkTpgpscGtILPV+9S2x+F46arICcuCiNN/ZJgEDBDJzNtlHOyfPF34Ypv7CiwjrGcHAwJoOWOZGaF0DWl+ZiHtmKAroGsfhfRz7XtY1+lSrkDw+NS76v8tAhyX4qfAfWIrXkrCDPPYx/eHWR6bZ25YB2/hirI3/zJnYDaC0cMeDP6Zso3pW+anBPLbOOk8dRMx/GCcgvT4iqcKyv+6IqWE5jzTVH9b2Fp/E2DXiEH6xgp7X65BRc/yJTAVhEVHejDSJX9M85K+X/b8fz408Ql5y4S5jZAHn7s02t101WVfHVEfQiRZytyZ3j3RenMH0CdaLWvIedTV+ZuGBzVUUVkOrkPTknA39L6n0l0io4JuogLjydR58yXh9jgwMgvQx8pdOuf7BO3TajN7amoOJtv1aY20rQswkJfQvA6X/KHXcqUXuzx4AYE/O70VVj5Osouw+i5KvDhNtSyBSuDELFT4a8n4KshZIrHyVlaEpIdU3wdmUIsbzkTiqDjxStaj9WTVhKfjGVkw/CBX0Xh+YxxSmVw4OM27rvWo/dSWkEWObFyfcpR0yUa4c0NTFxARN1p2dfDu7HoFVu3tCy2YoRIcyuEDOlRDhyzCOaGUvOVTP3gcQtfzzWDuiYE7hOgHBVAlW8Xr0Hv3NLo6SQjZo3zZaWXhFlFK8NoGC+zzB5ydEWEvMYuRj31HJdzaj2ZQ9XNNpEd1rJ8dl4zjrexS2zKk+9jT5WIt4LYZ65RoCPO7yi/4JsFF5jQbSHhpZY3on1beSkOlm335hWYfwPgZppc4KWHP02QB4eQyRp3mSVKim+xv2pQ1hNo96M881g9yRHiRNe/bSYMrO/HbNs+1DKmc6dFkmLcVTQVDOkYbuM18CGkSur4wMYBUgvPAl82TU4tUTgkF32H3dv1zuMiGLEiDtfB/H+JQy8Wh90LCMyWCSFmXoQxWrd9/W8B1MwrZNNoOP4ppn4/nFIUOfjNTkNki89DugCqNtvsqsevKOC2AAnbdgXJ8RXiDjDjXbfCXGVRjd8hDqkahHEpEdw2zdiXGILVhO9AK7HoJCjjdXef+1BnctBh3NjCY2hhAbuGM/DR0dVcPz1A6ZpwoLdSYRRAMR+xMDcRWlm17NHksb7/hgBLAIFZRfMLg+VBgwUYnn13VvALrTpKLvW7WdCOj1R08ilTd1Fa74LDSD9xrMl+hnlIHJrfSNe+2Lu7cFatC4OR7QGP0RJFPoadgL4KPpqP0GLjQOyPqYi+S+y0E6yZ68dEm1RqwMMUKsnYGR7birJwNJ2UhQk6vKk2TxWrHKdjDK6bUZthYhVmkMLRWEyG99b31yf/DOJBz7I3UzM/QkAnDQ3VzaxlApbTLSEeoHw/vdUYwhvhwLs+ax7m6jng8CpgONcjXpaFNogk2lVqjPcTHCtXO2/DiNLqSO0TXxIr3Yg2xfiDQmCJhbcc5nKlYRs7PJwS8gwHXKRayhEv3YBSbjC6gpgsS325ajHHB9rAMCX8ICmO5qJTLohmJgvMJevSprhERkVbOrEmbBzFQa4GGIk84amh1hmDdTSYP5rII+QSdWUIs2nlNIj83KlrJvKUQdvy6ZIAV5HTtZLOvku9bHOVZlqYNzbdOx3vhOvkfEGzmjZI/ZFO9lAyTyu4j6aAvGycQqD5p8xlvxh19cUIBipriia12pLl29rpKc6L7zNuqibdtfN8M2fE4rpcaNlVk97cSkE+ABim6U9ASfLL/trezLyr3ZKNH/fYyUsHoo9Lz1rJKLjn/Dn9o0ouadRrWxNctqwmfo7xX0IJRgGRdrrdnW6cQLufFYkOIy8kXZ3fVsTbu4Gqt+Z5sZyOwdd8qzVwLF4Ff66IKQcGWjRij75u/jACaoE6qyzEouSSKK6IC6oaWdtUH6jBFsv5IkyULQPPATnUphazSJEWT5/VhcU/Ns3ZeiHsNDIBFCwl6yGP7D74hsEURxHoNoapw2tebZK48b+aUh0S520hCAHkSK08ODtVaejdVw99iRalA1yISdjGrYWc5xsHaq8+lu8KaJEm9u7DuwsHPRHg+hJ9gag/S3+/lsyJAxrkzfjU1gdjBn7weedgN4PPeyBSutP9azLMS3MUWaYnyhB0tAJp9KoQlmVTPpZBzSWQAmNXPvl+37Lc6xZ+7FBiSrfH+pvudANlmRq6CF4ESiiqDYECN827ILOH2dBtA41EFBWrJsgvrLbT74WNibHIaY80ujknKcOTtx2OhMzXGqstTjEfoyT9xh5x9bYDOlWrWfhQZNkX8qvowzTmiG6D4ASax151czp17TDXkpeiu68Akq34W8t1SnT+3Ve1Ma5Dmpsm4HEzxYB5MzVZp293DpM4KkZWM9QBrzGLop/zLEHNNL8Ba1A3d6+lel6mGgR+RhAnLlJuUhDJtl+2/gMMnMUsl/ykB1BDV0Ka6/SMoFydYZ4xeCJ0Fz9ak14gwRBMoxllU/cotoxO8qvmcMGxQ65yl66x8u+WpjUTcAiWCQiVy7gf7p/5lb1Y6lRqLwDEorwVrjCXq/rY92lWYXAg3cS6LcJY3S+qcp5xlqVpH4L8grxdbFUTnfCKx5kjTiE055WHszdb6PiEUmIf5hDc4uyTFu+3xZ1qThF8aJ1EoJDJHXpOGfqeFT+ZZt00i76WYUS4IFGCeFTCgBv5WVdtdxid0XVnM1lxfPea0HZN5+vWd5NuaTUWl00fH9VP7LIalfAnbkfEZkooWgnv0RyOh8+cdCf5nu4CLqGJXQj5Bj7hveH90Kg2Mo76REZsS1lxAACyqFi7HXGokTq7A4MGSJm4c/KI7R/I/bYmNXhXCwFbiKywQSBAT3mXcyjoJp9c1Kt3UlR3ggig887Vs6mE0XU9hxGMgmIsJRIXNGYyjCk4gtC4oyQMHZipT6cEyOnTkd4aAhlIP5YRRbaK5ZWzqntNh+qzI5bRdKs+Xmm0S+jv0ZXv8KDG7cvJOWq4HdDf3nYz/rUIkLPzBo9323liAE40P1kq/3EWOFBXsg951otGYm+7+OcPxXiAvsdw8mYjUDqUK4ZdCGPiUMMD7h2HhwGSUL5SY1g3Zz34n2XE0l6+0rloTAQiOv7oj+nYTe+zlJcqHIY4jpINIguSWAj5bPh54GbjaYyrYzj7jGR9a2lazIBmnCgo3x8tZCdh/ojJcp5Luff6+K34oduJbmht6JEGi9sCTxx7XsUGRYdyhXNnlZomusZm3K8LuvFKCrJXGI8ayi7/ld0xtxB08MrDYIbH7ZCM/49dXi6r6QdmCOL66m20LGzgOymaprNEoyL5XoJJZc2DzRu4XYNHWl2SR5iOMr5bob7WFxH84VjvANC8qkO49QFOMQOsQFqPZKlHLAlzK+1Eykq8ZiKv85O1A0E2G2GPdhaTEXlPMhZeyjRr+r3m1mR/KWewwgyT+MyPHF0Pw12dGApZggd4pNd2JEd3msEf7MhmwKpkfkZQqUraYrIxHsaBd1N7yov6ojPErq1rtGCo1Jku+4GjbnIYXkvwzZNeHwE3Ml8wVdstJ62fCXq6I4J97xA8XVNLDl0Eg/+LUW0fSQUNjrL7xNZ0gCDZxjuFrZjQnGFcKa1sRCwvooO0SPRe5VfmZMb7shVjZ8LEot1GMh+6EpjtJcS9V7V+OFhhmBp2ZR/as+va18xItZoUiZLYNa1EkhPEeYnxUsFt3Z+2xD57ViTpB4sN25CGd2jAvYdtsJfJtDKv4rKeH3sySG06kVcYUOqHqhpVFHdKIqwERBTxWqbwEcjDVCHH3LxF4iG+YgGGXOyKzPkzdo9C/2CxtolAlEX9/JMvuOh7qK113w0JFNDe1ffZ1PDfAD8mGz8gsN8qg+pmc00saFdpI0eyWSudtg8YpmunxX6U4MhbQzpf7FsWabiZcqK+yKi+hpQ7wqDcRzU0CG1X8nW0FUQDEzkUBgNWwopV48haEWwdkq8WwGtvwMy1YJ8UC2julkwyCUCP9ZjyOZV2DmF+TdgTtyi2jMnMXUpP0LFBNE07gw+wxFKjzDJengmPxF1qYbzfLPdKiPsAh8KfhvF7RDiMp5/4wIgbrc1hZHEsmeDqwXZodyohMAKKOy67HtscKZOd1FhSyRnsWD8Nus3xFqXIHnUCSAdeRSq12Iqdwb9KMHPzurCvKR3yaG5pU+lgaNqwS28Py8svquf1AeORp1kQhGcV5y8V3QxJE3FZpaMPI4SlzLx33RgThnpK5egCMcdFPAzN/5DObfepT25myjNL3oakasEkdr88e1707sEOzVHiUlRqnA/Ey0iNCWE6Ht4lZRRGWDjj9kevx0OguJjlWQi6h+Lg6h6aENEF8LLDzhzNQeXiwS6KwAgDMRefER4PEMrdgOli+ZqHYiNsDrEQ/rg9Qq06U108570Q6VMwLNBnDBfn0lqGYlJ3Svng3cgdoUMZvFO9NGmK0WvtsAbg6cBSdBCIDBbTCIQQjL+3P3oXHkos/IrqFcVVRqAfzs0cPbq49GC0k8LVLpyE+3dy0UkSoCP9A6uFcSd9kA9KXcKE7lZyaMBpA/YY9mZg/Own7xGNQUfJU+7sw23PGN4/mZXkBgNsetFuLD2Wz4Ti+8s0v5ICULL6ALPD1MSphKZwjd99m054TWSssxamfuaCOL1zJ77OBSmfmBV6mLVWWekcz/loFG1BrryK2yglS9BOd0lb9Pw1ZIPUrsUvSluiuBh11bE8Cyngo4puUqsV5WOvbDV9/UusyB/bSxctj4s7vX1CQrkfSEgDOPJY/byQBIyhy0ldHLNb/8bbfQZ8zun9fPTFsJr95oMM1pT3+QCSZYGMUM6l8Oi1o1v8sInyQsV8QB0zQUgJ3i5jTIKJS8KyAGcHuG4EkwFal0rRoPLPtXmRloBA7nk4v4+WSGw4m4hTNPDhNyJbxWtD7oZkngRP+7e9+5b1XIBQuqJiSXAJeMKOR5HVp1S8gjM82W6c79O8HHflt4NI6sN7NcpYTonHPnoRJhKAFOoF3KqlPnIvNPoeoci3VgqHhkoP72j7ox3CntOo99UVkBG/ULO8gMyyE/84WIlBNYRgBXzM4zyJ75tZO4G3GdiSdTiaLj/W9dZT2pBaH+Z5t8YgaBkDXlAOnD8YGoTQpPta8kQKqgtgyUa3tuuUUAKV6yw2oVHPqwRIV0DJ8h4PJCaFAZOMJnv1ZXApY2yzEDcddVrJgTulEWb0zn/de5CfutFaDtssid0SIWMimDj657pAY85uSOaDeoe7XYq1tgZqGLzZyXgWUXFJmJIpxCQ4x2P/opuEUdDQ5ZJ1Xs+OaxUKLdErAf87xS1vkBb/ntdTK81d+wfuBSBmmhAVEx9HrRbCTz2YWO/kBc1jRrcK7u1vPBpBHsTpZsS8Qv2s1Z0zibxsU4RYCCCpCTtjcErVyMDpZW5daEVo5JtfX2OjVfMOiZIXoct/VQKuvhmhFTtYlAMsAsyuoq2bNSdkmUYFbIQgW0Y+MkaeVCNej0LshJ7aOJB9sgIkhmizc4ov/Rhd1uvjOf7GXIXCLKwRrWMw/cZGVJIIHAIqOqRnT8xREypcr4CI3hJlevLXFvI1kMOTekXICKQSdaspfe/BIPoHXo4EyxitBWxSIiGdUQ93rrWVQg4YRKhFRXu7FXA1UHIpTItBjT6faptm2nJbY1t12kz1ISrh4shDFnDKUMvXzhkRu9HE9xF+oLpauoy4P6k0R0L7U2m6PCMPsRKdO4t/iWB1jF2wsavxfsdnU5rSiPBxZepQkWKHiv3nzIqHt3cso6tDZNOztYfKxEr3T0YopGi66K7U3kdEmuA0oCQaECbYaaclyKDNo3ZOaJj4fBbAomiTsRxVmP/lDfaF81VWuBXx7YMpzvQ5a0CSEnzt1Ei0OoSYmL7ThLvPZTFw5swN+/gZaMobqhaUCXcTaQvIDEnynl+LBhhVlrLp4UyZG5NiTPu4ocOc0uUc58CC9Rnm2+JuYOA2l+LIJC7jFl/j2jt/9BeTsrFYk++cOrsrAUk18Oib9c8b350R/HJKVb93QMx2uNlhe+zFnxGmSYidmFJcIYFJZPe8yq3wBRXKRO95wK7bfD1Bct2FoiF/GymQGRnqDkwrNcu08IL3vLdu4iu29aO08aMq3J1MhhEuUXbgg/jd5M1g1NvP4cqc5ftuzb8n3zG/DeOXqpA4JojWtTXj4m/ojowwtKJHSrJrFMeIm87tCFxJp5qnT6kqvspY7pJJiM4AVCtXSxzSgzndPkx91tqsKRrBvFooFIRDCsNdGTu86Vf8qpRf9MdzPN3GpNdurald2HFlNgizaLU7FgAoTyp3GJz4XcpdWf2g2XMY1ayAvhrtYoHZLNWQXFhTBjK1hpAwHzGZSy7jTktbUhjCkjAr727AEn0h2C0s0dIYFQjcleEoe8H7x1Efhb3QGGTGGPOaMHIyHF3rf6vGtjleVKGLchUOJXSQO+AU6fGSK6ulUx80xA0X1ZIWnuvoIkKi37mcVvNGa23NxXtscJIlTGBeUeBY78haH9TzUSjfU9Y8y14Tihwsa6RvqCJF6V8Z+dJgnt6ZT0ZWbzsD8LP3yZU/i2xhAvm/Wh0AFTpsCjnR+qqSnv+trRb8TCzwHsstBqcKupeXztrkfysn+ooNIfeDp75xVbkIfK6ZqLydX+ADy00JUAtp4u8lwwBoEj+49NEQV8WahlCTjqtbIfry0+LrgqjrrLNLCwbMzlN+GxtwDdf+NnlIzBgtGbFN9NTf+ks0axhXIF0K+hn3lwnjREGtECDTUO6VbhuXfhI7BG6PJyLiReB/izJBHT8jLiLCNUv2PdW5LlLvdFatyJC98YxLxTTu058ft2dry7kvWkHvfIfqXDC6pYq7NCIPFo27QUCPZX/RbY21s9KVu9JudR1r9yYClwUgYuUz+f0yglk+zzkoaZe0UGRd173w6TSAB2pfed93+ZzPiRtOJKJEAP4hE+Yt5V4GrL0NQU5AVikuOCRGArVD85HUWSqWBjcMABkON7Wzx4ZhwpaTbQDWd3++v8sw9Zf5jx6BTyFcrc/j/kRVsxGNHK0CuwODeg5mKFfirIfuDHCsTNQ3zXx/MAoN1oxN/ipPxx5GSE3F/1snUl6ZxFkaRv9QSKmug7CC51NA2mmeZ4gWVrgLgrDQutEglGUo2NCLTWDqJcsFjHkMsb2Kw/JSEFq7jzrgJyfVLZJBCFN+6BNCRuFeQ0UJd2GaacOXpzSDW21Hh/Rro3ZFm179+sTSlyhjVCN/0cY4+DatQez1e35DG0B7KES80vvkfZQJRMkMZoWEyNCeYd0wUBthm2ZX6Y/CTqKZt+//ReqMUeomnZrBw4q9TfGPjo9n1iHfHObpFaYtT5hmiDIMlkHsYPttloHY2H5+zZLOhip5Hs9WaM3M6LUh6gFOCjeW5Jbjqzb3gx0BPzWwpPeYfREtfx2N+XXyKejDIBIl7bSGOSivwjabFQ79k31HcrtwtZR0lUMMTGvRClq25Bljq78Af9nA2Wtlb6wsJLPet7xEtyNNXYYZXKGW3q15Up46LeH52xrAzkrpZvpM8Oke7tKHI9E61VcIyJXx1tHKiqr6ng73Hv8hqUr/x9awK49K7vcz68+oHkac+u+y5TGJMdNkulrda0DzTDs5jQ2/UHmWYKjCifetjVlP9xilJkhZ1cbQJYJlx5fg8wOCUubNSHpwE+s5zSN3l6ucjjMmQb+naUD1i8p2BEuyoCQXVCCvzTD8eLpbhcw8oxAMKkO84R7RLuktm8oexF1oQ=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-04-17 02:11:50,676 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:11:50,676 - INFO [Shibboleth-Audit.SSO:?] - 20210417T021150Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-4c30b69def7ba012912ce62771f5b8b7ad5e69f8|http://10.109.56.122:8000/v2/sso/saml/cdpidp-qzn240b8ei5wrrvyjtqz/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c6eae1ed3b98d6cbda6591cf180b7c58|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxYNDCvpZDPEGjXqd5MlVVkgcajGawhgb+KfstHqVQ8VUNj8WJ6k4gcecMrN5wzNVQEpiEGu8h5D9WtThPZocu3Fw1Aw5XBqrXHnUp0bfBpbKuO3859ltmoLpQbqtLGBdp9P4y2fC5054BWlHk6kvhtXWMlPOD/4bDW6JZ+lU/yXAZYNsBsLjdjQ4urWBoyw==|_bd020724ef85b00c5f6bd382beaf5d5d|
2021-04-17 02:13:24,340 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:24,340 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr" IsPassive="false"
            IssueInstant="2021-04-17T02:13:23.150Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>o0nSPTsDsSet1skNB7UylOzJyP0=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>jm1t6WXRkh+0H2i9PJUvprxBgg+/3j4bCUoFWL8dEU6ewvfTR2+Twghuo/ddzqA3H/YDtk+z+pkuhTpO+O8wz6E0VkppER6Uh8LOeKi9NxnOr+cdmyjqXfed5WSNQEWHVyyMdZQVssIvE7Djy04jvoZguTnLhY07v5rZ8/ubBMoOUfQ2XUHvjZwAGcDIk7QKVRH+Cm2AmjI8jQ/5ME7yXP1VNgUDXQEmJF1QbjhtI/5riQ2A2TwNIPnURjI8B+df7nIo/Zy8Qk2E/moPNhvlmxMK729uJrWedb47s0iOoVF0Vq1JMkP/UPNW0OlB3bNJZJtH8FGkpqwLdo6tUaw2VZyLq7yeGmX91b8YeI0BsMlEHVvkfCV42f3zorQzL2QEg0OZFpgab82aAgnF+t+SwxGjt8SzqMUSXLoRv+2v6ESluaOT6m3wWPkrFhuhvlwg8J4iuUBq9/Yym27NhP1E/0h7wtBaH1yx5lEyc8BKLFzwJIWOQh/UGshLVQN9JiDe9Uw6xMXUxtd0Nyt+/klsJiHGK2jrRHPhK3h/A30eyLzpXHUeXhlgJ4Qgm9KTo2Rvg4gmU/aNunS1toYlxpzjIXIdElp533UN+qtnJmxonCaJmocgTaWSZM5dAPeUf3TUxghVKGbJQBI3ubnkiD+VSkVZ/J5PfSR1tQQZk5LkV+E=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:13:24,347 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:13:24,347 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:13:24,347 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:24,348 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:13:24,348 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr', issue instant '2021-04-17T02:13:23.150Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:13:24,348 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:13:24,348 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-04-17 02:13:24,348 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-04-17 02:13:24,348 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:13:24,348 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
2021-04-17 02:13:24,349 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:13:24,349 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:13:24,349 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:13:24,349 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:24,350 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:24,350 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:13:24,354 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:13:24,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:13:24,354 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:13:24.355Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:13:24,355 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1729811605::identifier=rick, context=org.apache.velocity.VelocityContext@5f4f82d2]
2021-04-17 02:13:24,356 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1729811605::identifier=rick, context=org.apache.velocity.VelocityContext@5f4f82d2]
2021-04-17 02:13:24,359 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b2784dda0e60b6d7824543ebc1711bfa3adfd845a7abcbd20ae7d4606c060c9f for principal rick
2021-04-17 02:13:24,359 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b2784dda0e60b6d7824543ebc1711bfa3adfd845a7abcbd20ae7d4606c060c9f
2021-04-17 02:13:24,360 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:13:24,361 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:13:24,363 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:13:24,364 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:13:24,366 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:13:24,366 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4a3d117b479ab90713da53e92f6d2124
2021-04-17 02:13:24,366 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4a3d117b479ab90713da53e92f6d2124 to Response _4dc305cff2fa5e776b6f8be910edc22e
2021-04-17 02:13:24,366 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4a3d117b479ab90713da53e92f6d2124
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:13:24,370 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx09RKP2aet6PsjTkiQMg/1HxJ62zrPwRnmCHdodMYQyPQMIMPNhWNOkX2WAHbg+Ry8sUEwysk6J4bfTnrMlc0W9O/895xmvhRwWIlGSPvju/Z18zPGTZrNJv1VAe44/YwnwdvACyy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:13:24,371 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4a3d117b479ab90713da53e92f6d2124
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4a3d117b479ab90713da53e92f6d2124 did not already contain Conditions, one was added
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:18:24.363Z, to Assertion _4a3d117b479ab90713da53e92f6d2124
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4a3d117b479ab90713da53e92f6d2124 already contained Conditions, nothing was done
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4a3d117b479ab90713da53e92f6d2124 already contained Conditions, nothing was done
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4a3d117b479ab90713da53e92f6d2124
2021-04-17 02:13:24,372 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _4a3d117b479ab90713da53e92f6d2124 did not already contain Advice, one was added
2021-04-17 02:13:24,373 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session b2784dda0e60b6d7824543ebc1711bfa3adfd845a7abcbd20ae7d4606c060c9f
2021-04-17 02:13:24,373 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session b2784dda0e60b6d7824543ebc1711bfa3adfd845a7abcbd20ae7d4606c060c9f
2021-04-17 02:13:24,373 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:13:24,373 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQx09RKP2aet6PsjTkiQMg/1HxJ62zrPwRnmCHdodMYQyPQMIMPNhWNOkX2WAHbg+Ry8sUEwysk6J4bfTnrMlc0W9O/895xmvhRwWIlGSPvju/Z18zPGTZrNJv1VAe44/YwnwdvACyy
2021-04-17 02:13:24,373 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:13:24,374 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:13:24,374 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4a3d117b479ab90713da53e92f6d2124"
2021-04-17 02:13:24,374 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4a3d117b479ab90713da53e92f6d2124 and Element was [saml2:Assertion: null]
2021-04-17 02:13:24,374 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4a3d117b479ab90713da53e92f6d2124"
2021-04-17 02:13:24,374 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4a3d117b479ab90713da53e92f6d2124 and Element was [saml2:Assertion: null]
2021-04-17 02:13:24,376 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4dc305cff2fa5e776b6f8be910edc22e"
    InResponseTo="_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
    IssueInstant="2021-04-17T02:13:24.363Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4a3d117b479ab90713da53e92f6d2124"
        IssueInstant="2021-04-17T02:13:24.363Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4a3d117b479ab90713da53e92f6d2124">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>fTprTLnvcyU1IATCalwLbJ4m3uDW/3d1JLTke8PPnf0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>TyuNh+GcxBcOAL3EXnQg/swy1/Ns8aQu+GJh6HfRD5D0WHeHIua4ao4j7Qm0J2WPduG3J+iXiaXrsGRyzygaERXJ1QIhPJN7NJ6yqXwp8fIa5tNIJl0TSMhDlRKqfOQ5K4ruXg0NWNw+Yq9wV194p1N8cPXDUtl+Gdq/Lh7ozRElGtkayjyu2vGC5Guc5vpqWyzxZ2X21vmCyaTs1eMjwOC07txoIXI7wxbQz/yldGJnyRpzHxzsaYXCEiJhx25iC1ALlBNG0f9pgGVssoM3sWxyFAND/7sr1ZwQrwVlDmojrLv6WVgbgS2WDEpSb1tWvGyKP0sD3dVAuvWBGQvObQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx09RKP2aet6PsjTkiQMg/1HxJ62zrPwRnmCHdodMYQyPQMIMPNhWNOkX2WAHbg+Ry8sUEwysk6J4bfTnrMlc0W9O/895xmvhRwWIlGSPvju/Z18zPGTZrNJv1VAe44/YwnwdvACyy</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
                    NotOnOrAfter="2021-04-17T02:18:24.371Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:13:24.363Z" NotOnOrAfter="2021-04-17T02:18:24.363Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">wcLQ02eMTDo//KgBFl1zB/3BKSHWUtSA2OIj9iCeVag=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:13:24.359Z" SessionIndex="_992c9b22c6ffc4d643b9ac1d768a7ba1">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:13:24,379 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:24,379 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:24,379 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4dc305cff2fa5e776b6f8be910edc22e"
2021-04-17 02:13:24,379 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4dc305cff2fa5e776b6f8be910edc22e and Element was [saml2p:Response: null]
2021-04-17 02:13:24,379 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4dc305cff2fa5e776b6f8be910edc22e"
2021-04-17 02:13:24,379 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4dc305cff2fa5e776b6f8be910edc22e and Element was [saml2p:Response: null]
2021-04-17 02:13:24,381 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:13:24,382 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">wcLQ02eMTDo//KgBFl1zB/3BKSHWUtSA2OIj9iCeVag=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_4dc305cff2fa5e776b6f8be910edc22e"
            InResponseTo="_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr"
            IssueInstant="2021-04-17T02:13:24.363Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_4dc305cff2fa5e776b6f8be910edc22e">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>4FiBPVZHp9KCmVqlcWwBS0/5VfprVEB1xbAOHKStraw=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>n+U0rbRPFjbmIE3uB/glLeBxF0dX1KvvsJNpd1bydeyFllnkOR0/Vh0r9FrRTh5y55YFpl5S4pe1Pw9CkMPQQB3RefzSdhN0l8J3GyytzGdnzLHA/E52Z9NfW9Ogjemzo2/HYwHogL9AzFK8H6w3hhz6S+c6P38peLkQlZL1qTGJHQhKSHWRkfKkIMJ3VA5ybkZjrANGTCxQgqViPVNlELujEjGc8n+Bq6YUuKvpOZxAmqdsbWspZsuK319i3Z7EryJspQhBlVNXdLgXazF+280coZ/eaRmStb1rdUcKlqG26iH0cjqR9GOU0RXYLMU5r/x7Izqox8+8wd2zmw33zQ==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_45cb2b635227c0c0c2e4676155f041dc"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_63cf398ad3b5288389dd0a8b21058cfa"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>DwpI4ePkk7MohUqat4KrlAZGWkcvGF3YlWlj9kL4QVFcYwm0zIM5o0RUUDtxjd1WEazuuPhnxSPPwe+NVfyYYsf4hMZfz6xkt29OjmjkBG+7d3izHumVuQDPELGB4J+QndKAXJDd8Ifp1uV2nLttlLCCS7ajUSoUqBI0QdjJFQumWLl+aLHCn14w54PAo+m01I3ia3zx83SIPON9J9jJeKIr6LliPi970VnWAhIMBTfoJlqL4kWuXQFO1EufRZfXoGkfR3NZb4JUHJBTreVpb4YVG6aAnaFXp3kA2Qh1NQDkepc+ligcNxSYpKf/L/Gt0IP5ZLV5it7LEhumXvZJAgmb75g8bbNY4Z+/kgYNhXPwPU+IkV5sW4CYbJtqxfcZAUqs7zf62Ohs6yRGgf3Z3WX72K/dFNdyxI3z2Q79hcL459m3y0nR+e5fOHggF1lcHs1SW1UnXkQcDDXmh2n1N2pQyv6UnYSkToZS1Dtz4ylA7SAG5wcP2/EQENj6Em63LCUyu3FJHIPVl7+e5Dit/B6XG+Pk9uDIulz9b11lTN0cZFe70Ga5mbvSbWi0PGFUkKcOKPi1toEqI52bperckPJhU3hXkFI2in7U5YIlwXqf7CxZNQForrEpuf2p0uy71ObEGM00KUHfr+7knZRf+Iasx5LnjHJteZ0HiMjJARY=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>gz9OjFAkDq4P8A34ZaJ7lozKhVEtTBMeIi7g/9P9tORUA5MmsI9J2CIHz7BXY1xIVirSy1NDm7CAUqgGVUeEJG/QLkc2w5BE7cYG2YyT+247MmZ9xgeT4fzeMDzWdBp1VTLPhr+rXKEdeNFkTpKYZovA4o73LmI1D5igQYipaZ97MZ6hvBGUBhwvoGIDdQPrcWIwTGBhcy/b3bAGapPETOoDPw6IVMFhYAYirp8UGWJToEHTvS8Z7YG0MqyFNRuJ8u7G39LSObwB8ov4FUPADkHa1EHnRBYBQTsXIL2CBviriV+ag+eBSSqh6x+8rRm7/9Xw+C8OWpgyhisq5YJVwp1aUjJnS4vT/w9esz7HPEb4XA6deYJyoZ0q6xOImM/oAoK0Xuq0PZnT+Tl+wRbIdj2hSUlt/of1saYhZdSBVnfe5agBPCRgKHpx2cGSgUjKsdMgd96rfJ137eDXuUCA7/UkxZfnIHXbc5cF3NqBA22M/h45rQep9ITHyH5tOTJPvPP8/dgQLyXe/4EJCndz7FkBnEZhYSTZVidBp1w4FDGg7xvrQ3dYasydkLu57kap1oVUedUuxOrpJSMDknmDdgnUAtPv7Wsuk4CUPXGVOWKduO5CX8oCAqIbjLv+p/Sqft5oNBucTrraqyB66TmYrBZUq5PEyDo7iEF0bjKl/0uoweV8OJkp5IC/tyTjIY9YVKiL6ujiuJQEPap2Cxoa8//nlI+exMZjOirrOvHrva7WBA8VI7qfpIDMOP5H3pmpT2coxVMMKxdhKnOXtmNtfXtCl5D9BoGUm7L1FwcKwNuU+2308v8B6b69ec2WE54aWAqF//5g7D3E1VWIOednf2hBaiC8miQDEhbYak2DgZOJYGKt6DGyMXVXI/Add/uY8Xt+D5Ot4q6Bfi+cGiq+E3CHWbPi+mCEv9iy5/gT13A4/8ZoAuKzaXx+HU6NggoHmln0TLiUvbFjUyZbiLErmw00os70blPfleNTq/1vuggwblk3jwdRDOOIOIEczA+cNkdgep32lRxD3kRYvuaoS4Q2s11Bi0uTRQAHEwtam3NAN01xNoFjpxTXgc3ttJlfovdv7Hf5hsoERRIxuJVtxFVzMvm5s7RHsMycw7L9Z1Y/eD+C2JElsg8Pf/C/lj1XnFzHYRgFdZPkvMcEllzukLlA1IXULup3v3J0Wglf3Nt5+IxHVQaDgHrK1XXt+leFplk4MPFeklrEMZeSxYMaHSINPK3ARIWft3Bd5zovZYsTWXfqxOlbryu/dk7RdWmcEWblSJKtPVhlh92YIbWxKe74pC6arIKWcq2hpPBpBrMAxx9kuVsSKU2b4GW9IXK0WZjx4zssttPX9lXBUkR7n89Y0JQ0MiSX6AT+FD3A6ZPB8crDdxoV2VTpgIMg+siEBeIi7Q1u9Nnl2aedlEn4uJVzX8vSSRTBOY6qoBCHXzJ/b//oh7M8k4i7/ZG4AaZAYCjKl1qyfYYoAEGvg9W9ja93tDq6QluFEWjg+VYfIV0JjKfxnF8+L6IbSbhvQdDm6ZpG/7w7QgOxs9fxdJLaOCiztoM8J8OfqKb3ifnQ3RVxmb4RxmONTIcuz2Amlng1q/Ec8/nBLSPiAa9LJhr4YLjOnetdvsKkKDE9C4SAeqcVHPhu0VlnGSnlL8U+Fy6lwnWIjsXp4WQAT1VReQdBxUp/xrqrsLHWgDO2y3i/B8WKkzNE/b8W9H/JquNw/fgyE5iFi03ByrJv/aBGHnU82OlV3oVZI/0l5MVWMP2K0N2guJ+ybiFk5/1IxeRGvxQQ38pnyW+PhVy0gXpiZcY2M6RmS2sRWoQeshVBcFR6SWikaoVisnNPrYGnLDVwFXuu19eijQ2jXlRS0hYygkvIaNaxGDmsQnzW1NUpAYWPXSVztOHWt8hWzfFvEYunwXX5v6DWjj9Gcptso5XlYJtClUX2y3uhqJtdNOI25Ut7ZqkSNe/un64aSwWqNMgWVrCFD8Hn5oakka57Yf6BC7Fya7WDMQA/VAZqNb8RCxb7vkYUiKwwWBsCIXd9PslN614K5Vu8k8jz3DCpf3P56F5aMOeJphVn9DC0VLcAaI8CTT+IW/fshwQO0pQ9pd850uDnUr8s8YcGNOVKuwDVz63/lQrsyRcIDaXPDroxMMTf4pwp1Gbpv1KiBBkLwyQzJA4rGv0w7TY8LWKJHDZEE3Ok1NyKQbzVYZ/QIgta/dTTIlbamc8PDF6TOcb/zoP+b17sUOqzTBgWZJlNMze9P8bajgcxPVw2Izo97SlXjALgTsambCgmR7FWzL8darUb3px4XBIfcDT6DppboCvpKYrHGahgHoLb9mggDVXyWj8YIhKVaRCYl+dEybRlrHRL12hilkYcMrItm4LUzKOPXFgIDAloeejJtER8xDrdl0+Qs81/NBz4tbgBZ6+v27kE3XX3MPyGGmd8DJ5WBnkHSYG9jyIK1gVe+901jrotHJSd+uBj5qRaOVrk0VTLpyc6uA/cyU/abPMU0DrSllHMY0zGyaHlqTmaDutHU/0T3+tlEl6YZYmdp8T+CiOJMFR+ssdbAuc9pX63yQd7v+K1xFRV+ZDUNpdWBI1IIo+BpnzTmpkLLM5thZmoHAenEx9YiijK7NY5z36idS/kowpgcNWIIdvA1PuxtcbBzzR2FhwnkSwSZNkRYJLK//wlby00z9uHX1A9P5op+oSkqUso29PhkQSCGYd4jF4gOhb41eqQdWMAU2MofbzdP1FbGEqa4IGBfGLSRSc5i/5Gr3TTs7aw8frE1cyNSHZr0Nm8WW/egEPzNAlfkAeFsRQE0Uwq8Jja/KMBNx6P21tInNWZZG4AooeehLB07pPhqSveQr4lEDwgITCx1C5EYEvJ6XIC9L3PHD0W3sDq54HepTcwSncIRgtMnCRp1/MBsW7m+ZZ38hrEgS4SanTiUoIZfhEto/h2U/qqD9F092bn8tqXiR0m2v6JJF9Ornd9VU64qglCNEtB/ugLlXspr+HUp43TP9icuG/gEqMDa4wknTHP3UKe4nJrnx5reBptCdjF+7AQ3a/HwsQBXPHLgDKXmYDPZhN7GT6CgLVMDSf60c8FT1whRVnsiTuc8r0llVwoXisoWwDYPHQyGYFIg4/vuyrlgDeh0KXewmWo7lcRfpoVi5OumKLxkGJcf3aHUSDN4jcKt/GYiufAFlGik72USD1TNnC4k0+bfFsbYZzL3PgbBx5mgaJHmE4sfTAk0OvAF08+P+ynwLCUll6MzTgbXaNbQx8IlYE/EBXDpaxdNz115EmFQVj5sQox3cXp1mIwwMespdxmKCXcO1sjuk4haPZCZngQNZWO4tbOoYH5JiWZ23aMiSZoCAJ3aq9043RxozS4NR9QOuf41gqzFUb+Vni8/kO/hUH5RHn5mlnn2j5YsfLU41vtvLadb0RRWDG5pqTd3rWdid82IhkLERL5mHAe5o7iz7Flj/+V06axKEXXqJrb9NIF1MC/NUF0yhTUA3g19Bl6iHA49ExrKrcw41KkR9whlCNwXafbobnoEVSzAFnNrRXGXt7rIMniyi1ea+bV6Lrrg0xe06JzzEepMLIsYHpfBYEI1eXBrmP3+L2mDmcoXzRKjkc4CWf7Ejp2EI3wpwlTCLqnWvoFyKikFdiPkMyXSARX2XzE43JgamAEUi33RD2Jp14E+uFGDENSHhVnc8XLK5ti91PrFbbhtjd2ibrYu/QMs9HQWK0O07IjL2wTeoTdzYzH0ZNq9Wx7LaZ6GlXG/+m83EM6Su2wm/WP6UB1ZjVuiqAX1/+GfYYLgImMx3NgHVF6NPM2sX7Gc0IsKFu03W6YiSVNmEhei6DEQ7TOHuaEKjjoED5Uuba7A43kKk3iK/+Tv1FEG9cJs+ng5Ay3FU3kFUS8jrBnNMda5RDngwO+/o1hWvRMUis/OJTbJ7udmx+dgspJETkdibKDLoFUtIIUon22zIOQobUyNMAI0p7NTgt70jnTL43xFCPenxbPr6YmDitQ6zGLP6sbzUR4z2Mxw3q6SdoLZWAqNQZzOhqqZMB/YrMFQmytKf/rFLeRQK5sv0WsFU2AMokPUsbDONZFiVNLCWj8IYoo5ZT7bzDvBb9OMlgvxk5BmRL7SZmDsn5AXtc9UQjt/2NVmufj8kDmenlWoF9ASU9QvDfIkDNlm23bF+4bl2n3w9aXkz4JMB02R7mylwWVPGdFq7OAlBfiQZPd/6ZLoY/7QRNw2egrBMchTWi6H+vN6iHkVqRioWwSKFqHHKImOzZxdDapZ/62U5DHySgXCAy+kri2gJEy6fDKVEIDBDESfcg7hYAK2nkYM7c4CAAPqrHnHaNsBQ2/zN9A+Imp7xc9gx0NHia8bwLbQ9kb5Q3TyThJt9xZ1hbASlsL2Tu5UtkzAIloUfegSy0sryJRWWjtUjkCbcgA7H523J2THaD0vAFicp5I/ZzUOaGRuHSnN/vb6bMOv8nlgF5TjtM1DbDWfZEN8nuOJ30hQ1KymAm6isIHwKC7x1qHGUwDEM/Ysmcs67LoTqXmwg8e+vp1puj+OyHXCFeAJPjz0zJbpgfecEUTTtrx843zZk5L/YCq6dGn0RnB/LJ+x0CFwXdG/iNouHaaAfNBQA7W/e8Wpn0zEq6Zu6adFVdr+gu9SaRyRKK/4Ni1Mf+4RlhQS5qjZSqz28keNSdTXhW1WCAD5skqWVVlDTa45WvAZXtI7GIWs1EssrL3Eg1toBB7vV3p5h6GVLk5Uv4ZRozgE/ov3OdA98CDlLOgeGOOyXCOsZtuxWtOpjrDIJPiEzCxPsy1D8oOGoCqkLem6Ik58dvPFCwmvu6l5Y29BEexqM7DORxlg1txfjRDflCMPweNjuDZhLRtEYzZzEhdI6KPk6Vaw55DUun7JARF0AJ8BdwdbF2F6Ne4IO5overI6C/ASEHeIh866JKSqqtqoa+S6CyKWxU6UdqGgw0cJW1Tmp8XysqpYI6hNudt8GMOxw35hFW349ZbZHUKHyenlTCTyrETB7YVaBAdDi5xLgCysPLOPhXT0i8rMqFp+lKrHa1+OzWpEdEWXy7FW6IB4GfN82DOVQRIhn8HZtXH1VFPvPAwp7AMxDt9HOyQgg+zSgqmcERg8WW+J5qfRx8H6sM+MikaMmwK1/ajSndyEsKhjm5nHwbtM9acEvA7xY+W9AsphCs1ZEPZnFfQtraqvQkthDTmqpTsjt5FLCk7CQpGwhlMCnrdXhTBbRrwHid41Ta5ADpcq+8aCrP8RjtNM5TnsjxokR26WbGit2Glr+inpVwJKA+Iq481bdzc0yh94HlvmCduggFQBhbXtbzunQKt8CgX4dRbk+2ks+rtfwlMrmN58e9Az0DstUMjVgU+A8U+Uoif9kGNJWVNFkFhvsJ1hlTipd9x9d8ScQn700TIyDWzMg5F6nrPyTjBE7Gq7dj8p9xYXtoDx8xeCpgbN1aHmIwL6nl9nha0tmtZKv+xxC6LiBoOlJ5AUqCT48TXB12iz1hrLWvdhOA7neCWcGfnXPKG5n8GtiTB/hMwyRqraalPvlXV2Fa2Lg/GApABkNMoEUjqAqN9dUudS0Y5r922+NkncdhMxvWMNEDm65m06s/7x7PQL1qCt8qwS3Y0pvOQgoqD3sYPFnKtgidss+Ai+k11YH4lpkYOaDRU4FCXWlYfVGf1Aa9POMRp8bd0WZ8y+0qoW8E07wZxtw2jebMcy+fd9PFQMjBjG0ha9dqYSyNPvvlsTaK77U2nQXUTaYtD07L3fl/ZpoGpZh1r7YWMnCrtmHxPEWbn6M1PMRHX2y/UDfDukgmd4vrwYqsWSk7VUoxoUSv6OyxcPuAqv0olk46U/r6LyoHFwNbBZskNnCoDGPHXUOLF00Gzi9kjdiwgMNKFfbJS4mDQY4ng0wq7za9TGGoHOuoD0erZdtWHT/Yp6iCyHevXBGM0aQsCjb8ur56TjhbL88YIyBdtbqn4IP/T0Ggu+suOvG1bqGMsNG7Pa1EWtsaZF75wXL2z8iickN1403Tz4Ub97smyuklQ9aEWAt31t3LVpVWjHv0R5sdE+RTl3d6jOOjainRzEin3gkPhXFvqJlaoCniEJy3NlazGKDPyDOockSOfsn/3Ks3FtuBzKJWFgvDQZjh6scr7hp3mRC0dGq6MpoKsfxjFr0pkXXTHElw3PCoOds6uxLin/f0tU+TD/Mq+nlESH5Mf892ok7EIFnswpzgf/IG/vTGyVqFhY2phZZPFD9aiQ4TlyainlPGv5h7gc76ovFLiyf+JrWM7FEkjLqF8+ELkxLWqzuhhmZq7ofle8RZWUv6DDRzSf6aPAApcLNb4lfdb6l/f5sdhKjfjttkkZbup7VDeTh1OpZBau8+gHN/BtUxQ93tOYko0mVhK/Ad8j6Y43IEDFU463yIwRy9YVm7TMxmFyzWF+MNsvd9lIp2L0hXez8f1AmOxHvIARUodYHAatXGAYMVso8iC+llJfnQnahNzyauYiTmHnsvNztBiGPpB7MsHgkXjrzzAnYIQXAKQm0Ya3quE14qd3FjaAY4AF2p/p4ProLQ7jNizGtgXUh6UKzdTofCIyM+4SXEV4HG2yuuP3cnThbdJ7K5msExkYEs/bw5KXzO/nDGP/a5OXVwWU0qZnS69tzJgJNnLvUQO+W2NaoiF8ggWaMMr58lo9sO/VIg34hwcg6MEb8rNfs+mAaU747EZ9O/BPloxj3Zo/MFXsqZZPb23NAzM8phzZqg4BVpnMdTOZLNsP7eDWZLzRQFe11q2U2+P9Glj5G4KjI/gQmyDca+D6kQeAe+IsR4uYulT095MrrTPtaUhXyIWXR7b+74eEnUt3H+2CuQKCgL/goZxBtmwryOHxf6DctL4vHIlx1ZlFVHz6LL/2+fEYlUPc+Ky9HLbwoj68IbA3cb9vckPdpJgaZgbf+S+BBEFUYt0XKbRoUD1sdNgnALh0CSGifhFlOHWA7haK2L0iD6ElGd4v89lyDTrDkDTG1QwI+aXKxDRwV5LU5lNpZu6F7YDXWHq65QTU/YTGMhSp4whRQ+N8t08QiCYClnDmPqAshgaSC4rJWWrI1BV2/+JPRIHMDd4uiRhbD63kjA7a17qVBqOfzGs7AgKKPdqVM8jmsfVaZmIjSCuNOn3vlR4DCVwg89YRgitCAOWW4frbnJlcWS84MwmQWVXqOkjm8jjGJsFu/WHCp7YU/c3rkPPkTDSByvOD66D8Sv2oHor+XK6EF1h+TWZP5Wuu4BBN1BEEjd1EolBgp/lf5RNm6mK4hezltBs3qWYPI7drmjkV5T3vxhkXCGShR+U/ApIaJg0fWPgbl/sHziOCiyMN3nr1OPOkMRdHJY77Hka2Nolwwst9UdfrCmVvHAO4kfuLbvjjaeAs19OFLAHAUPGDv6kQ5rMFxQLYoZRyciMIaTZYihHvE8IOtRt7cel/EBcCLettz7uw8g/wbq/xTKdAqWlcAZ2FSC+3Pj4BLgE9gr2Ts0EYjccwMckZANvDttlDfehydHMT98wtYg/XcesFLuUfdivE8x6qb6InJwQiTrZxUehxtoqLl5pPYGoqeVK7oVLiQnZjnHVB94wubL8l9yfgyBBjRT86IbcvN7vFIqa8MaNFlHVS9QegIGGQHk9Dj/p/8KHmV/j7WWpW3vh0eKD8ZZZh08JoQC0yzCAwXZMa6myKIMxFGEK0Z4Uj6LNsMOhoa9jpj6kJ5H4f/XVbog7/Y3BjbbXKNsPIOmzqk/G8SdwnCrXjAhpzm6RI83JDuAm3rtxBXPWhorpe8q+rgkgPfDhZe3+1bLNPPM9GmhNBFkad5OuuCIDRFKF1VrpPRIJ0MMOxFvynEVdRL29HXueIxA/nZW1xRsFWQ/iPetwuNuBPePS735JaSQihSiBVPc3p80eY+yUojFYFAYQ91kwExsPm7kecGlyHIH2Hg4ixwODU57k5VD69H951BDJgTKyN9MszY/u/9RF3zzJkjHs2SwKZM3cOHOFEZSgfsRviLJBiY4UzgjnRuqe1WBTp+aFvr7y7mqQLMss1RqR+QEZJqKlyxjhCHbz243aOejP2ymJ7skVzG7zyxdq0yxIdElCS7+v5NvPkK7dSLKtMDKDWGD+yDcnfAmlbP8uGmFeujbJ8Mv3RBysoozBa2H7zDDId0AwV3KKZVxa6v1NUY/Hbw/99vDDEztRYTP/u+8Oma9GjmHoOF5DGnSi1wutegd9CaDyzU0gOoX8HLpCGjLE5nUabwLLvBNOz7q2pLrmE28yOvDE5I7XgrA8tY8ObRED6F7wGY8BizDkedLtNZGVwMgn4YEbv78HzmwsqUt4BeJZ5heGwZCj4Vln/xIX4ECEcJ/CIUFeRMJM/7HRQrMOmF91SNc4hoId0ztoaV36pk/Yu1Xdqef+ZsOMTFh6JBplP4GcXg9v734yHDZ0Y/+D1tUQ6+dg0CEFeFHkqc7hKONFretVTa0w7okk7tdPSAi/5lFt1eJ/of6PFMRR4GAJQqVxBSNlk/ujp98yS66Taq2zu83gIDyPz/6xtmt6QOy2vusBCPjVTX9bDgXCsEA4toueMgvel4Q=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:13:24,382 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:13:24,382 - INFO [Shibboleth-Audit.SSO:?] - 20210417T021324Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_9i0bpcgavzpg466lo7mrvvgail6ofs2p7sqr|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_4dc305cff2fa5e776b6f8be910edc22e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx09RKP2aet6PsjTkiQMg/1HxJ62zrPwRnmCHdodMYQyPQMIMPNhWNOkX2WAHbg+Ry8sUEwysk6J4bfTnrMlc0W9O/895xmvhRwWIlGSPvju/Z18zPGTZrNJv1VAe44/YwnwdvACyy|_4a3d117b479ab90713da53e92f6d2124|
2021-04-17 02:13:26,879 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:26,879 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_7sdd3x2llf7s3y064789vutefwuqsaeqvzup" IsPassive="false"
            IssueInstant="2021-04-17T02:13:26.236Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_7sdd3x2llf7s3y064789vutefwuqsaeqvzup">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>uqaqVzTOTx1FaJreRw0dbvtk13Q=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ZL+COe/Y5L217PYGQBHgg+FzcacqYuXWy3pjlVgqvlBLi2ceD+raKRImyki6hpuNuQVKjqa5L5NNflMNtHlAR1qbIWJiSWFScaZiPxc+3FkYGpOXR1BQssvjE1mzIRpiDDqVY/zy9+ymBvflfsYwlrsBsaOMSxiRYwzeXPdLW4oTO9aGWiGSifPIwut+dKSSq0g+V49R/udN5xojvbwLpcZ9DHbDHK+7NQMq2DWr5b5C05pRExHmcNSwkET8frFKwMHrp6EWKwXMD2LxowJolcNYI75rAmL3Z6s7qZ3o8hwES1O+bu6l9skoRbysMJN1rbPc7APJiAzKID73ENhIeKrMzNwPax7UlYsWQlyGqD2TOOFGx9xyyfeEsnY6KgR2wzckL1cqiiAL+SyrLej7pFqJr3tmkmC0z2B7ceNormvpgCuxJkyjNgfbk0sZ/0zbQkLwZHCxPcrt7ZMv6zyTDrw0n5C/cU82m9SoiaB8mc4h8Q9EFqzaMFCCAtRACisJqIflrJ60MAdS3ASeztsRzAiCK+D7EPFDQgkyY5ucIe4pTSazETg9iUxGWe/i1pvKFJV8xmgEv4rq+IP2wEqJ5uCWVKLcPBW2TcIjffGaTqosT+X+Emrgur59jkx+2gkbOhATrhcO+pBQHUX1Oa/WzsfoWo0dkTqbktcog5JteLg=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:13:26,880 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:13:26,880 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:26,881 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:13:26,881 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7sdd3x2llf7s3y064789vutefwuqsaeqvzup', issue instant '2021-04-17T02:13:26.236Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:13:26,881 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7sdd3x2llf7s3y064789vutefwuqsaeqvzup and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7sdd3x2llf7s3y064789vutefwuqsaeqvzup and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
2021-04-17 02:13:26,882 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:13:26,882 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:13:26,882 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:26,882 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:13:26,882 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:13:26,883 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:13:26,883 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:26,884 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:26,884 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:13:26,884 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:13:26,884 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:13:26,884 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:13:26,884 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:26,884 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:13:26,884 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:26,884 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:26,884 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:13:26,885 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:13:26,885 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:13:26,885 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:13:26,893 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:13:26.893Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:13:26,894 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:13:26,895 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2128918794::identifier=rick, context=org.apache.velocity.VelocityContext@8ab549b]
2021-04-17 02:13:26,896 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2128918794::identifier=rick, context=org.apache.velocity.VelocityContext@8ab549b]
2021-04-17 02:13:26,898 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:13:26,898 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:13:26,898 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:13:26,898 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session aa14694e8399461c72504d00c87af703b63f0c907842c67429f14aeb80b13102 for principal rick
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session aa14694e8399461c72504d00c87af703b63f0c907842c67429f14aeb80b13102
2021-04-17 02:13:26,899 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:13:26,900 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:13:26,900 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:13:26,901 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:13:26,902 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fd1ed4756f5675a14edac833f085039e
2021-04-17 02:13:26,902 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fd1ed4756f5675a14edac833f085039e to Response _27608f4501d5c5f64d3e6caf4ba464e6
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fd1ed4756f5675a14edac833f085039e
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:13:26,902 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxrq8VNctongG9z3vWTafC8/2LJ3XtI2S3yC+nqQ9V7JwZRzrLjaIDg0+WUUl1Ti/+LZDraC9MxudJW0xHP8De1xkyi25XnzOzBhroHbGXJPArCYnnYDxJYszrBzA+bJCNN+hnABnT with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _7sdd3x2llf7s3y064789vutefwuqsaeqvzup
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:13:26,903 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fd1ed4756f5675a14edac833f085039e
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fd1ed4756f5675a14edac833f085039e did not already contain Conditions, one was added
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:18:26.900Z, to Assertion _fd1ed4756f5675a14edac833f085039e
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fd1ed4756f5675a14edac833f085039e already contained Conditions, nothing was done
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fd1ed4756f5675a14edac833f085039e already contained Conditions, nothing was done
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:13:26,904 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fd1ed4756f5675a14edac833f085039e
2021-04-17 02:13:26,905 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _fd1ed4756f5675a14edac833f085039e did not already contain Advice, one was added
2021-04-17 02:13:26,905 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session aa14694e8399461c72504d00c87af703b63f0c907842c67429f14aeb80b13102
2021-04-17 02:13:26,905 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session aa14694e8399461c72504d00c87af703b63f0c907842c67429f14aeb80b13102
2021-04-17 02:13:26,905 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:13:26,905 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxrq8VNctongG9z3vWTafC8/2LJ3XtI2S3yC+nqQ9V7JwZRzrLjaIDg0+WUUl1Ti/+LZDraC9MxudJW0xHP8De1xkyi25XnzOzBhroHbGXJPArCYnnYDxJYszrBzA+bJCNN+hnABnT
2021-04-17 02:13:26,905 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:13:26,905 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:13:26,906 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fd1ed4756f5675a14edac833f085039e"
2021-04-17 02:13:26,906 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fd1ed4756f5675a14edac833f085039e and Element was [saml2:Assertion: null]
2021-04-17 02:13:26,906 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fd1ed4756f5675a14edac833f085039e"
2021-04-17 02:13:26,906 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fd1ed4756f5675a14edac833f085039e and Element was [saml2:Assertion: null]
2021-04-17 02:13:26,908 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_27608f4501d5c5f64d3e6caf4ba464e6"
    InResponseTo="_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
    IssueInstant="2021-04-17T02:13:26.900Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_fd1ed4756f5675a14edac833f085039e"
        IssueInstant="2021-04-17T02:13:26.900Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_fd1ed4756f5675a14edac833f085039e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>fYCfATcE1dpSQ5uy2Yx62YbPmiX6WOBvP6H2j1L5vWM=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>D2Xhm9/c7JvesXjtcrOXKZJiXj4ketYtIlQw0jRXSzogP6SjqFcrgcc6n8TtEViYfxZI658ZQSn2TP+ZLnvHUmvCj/QdRCV5RFk8kfrtKwnbiU7++waKcfFMh5RyMeocnO+TbwpYOC+FL/Px8M9ywZLpYrUab0yH0o3qdCm9ImHtVmjlw1QuJo6tMD8GDusIwTUGqcIHJhiyRzIwS9xiJgWd8ZU+ze6okCnBEPiyecEgiPNBRUtD6Bae/kts3kvZ75HDKTz1TFOwU63PaXKLusWgrorzwK78Jv8noxKUEHsaTdJT6IDbs3kguIOZs3PcyI7wLPVCiFeKPJuoYtniQg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxrq8VNctongG9z3vWTafC8/2LJ3XtI2S3yC+nqQ9V7JwZRzrLjaIDg0+WUUl1Ti/+LZDraC9MxudJW0xHP8De1xkyi25XnzOzBhroHbGXJPArCYnnYDxJYszrBzA+bJCNN+hnABnT</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
                    NotOnOrAfter="2021-04-17T02:18:26.903Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:13:26.900Z" NotOnOrAfter="2021-04-17T02:18:26.900Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">3U5rTed1ylv6Fy3unKuJcXmk4pWKfqbzQVJ1R8OtM/Y=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:13:26.898Z" SessionIndex="_ff5d8521accb829f218f05960335e35c">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:13:26,910 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:26,910 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:13:26,910 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_27608f4501d5c5f64d3e6caf4ba464e6"
2021-04-17 02:13:26,910 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _27608f4501d5c5f64d3e6caf4ba464e6 and Element was [saml2p:Response: null]
2021-04-17 02:13:26,910 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_27608f4501d5c5f64d3e6caf4ba464e6"
2021-04-17 02:13:26,910 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _27608f4501d5c5f64d3e6caf4ba464e6 and Element was [saml2p:Response: null]
2021-04-17 02:13:26,912 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:13:26,913 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">3U5rTed1ylv6Fy3unKuJcXmk4pWKfqbzQVJ1R8OtM/Y=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_27608f4501d5c5f64d3e6caf4ba464e6"
            InResponseTo="_7sdd3x2llf7s3y064789vutefwuqsaeqvzup"
            IssueInstant="2021-04-17T02:13:26.900Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_27608f4501d5c5f64d3e6caf4ba464e6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>B6AZCG5aoSm6i0QtKLwpAOzMqRiuY3pUH8Sa7pqV+zE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>SHKKb3sNDU+lTN5Zqp8lRvPcUA3p2wSTmVLvKaq6IqAAiBEvsH7K6AmCfz2iPqeZu4g+GCjzkyPmlKz+dwISM3J1fM9GvZE0vk9VFfjjCejrPaQJJ/mKmUV7GeJukiUNNq5QoxFEz8srZ2bK+LPSQTodkgpPltIG7SWHKI6GJGJdo6kPa+0ZNW8Pz6ek05u4EDTNbz8fWOD7DW2jGw9qI2wQzNMGQvLqsK5Lm5GU5rMXcLECjvy1imYaISREotD1kR/C+gl6xeHZVyq0M3SLbUCr7Vr/CfkU003t41PFA/UGArh2Dr9bRPFFb8KbT+cuBbu+j9IeuL6Q5kuBVFzwog==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_906ce1b13ca93902f22da61ece9419b9"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_47ec860c11c06a7dbb607e2447491280"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>QkhgzLNYoygw24hcnUFjdJHP0kdi1ok18vHP32Ve/PQ4DbvcxBrt9Jg2kK4oxeOO0svZbRxp4p5YfMbdp7G3KUn29y/vUXJwoqcDTHAyJ1riQ6PQA8lcC0oYk8lEpQry1mPysySjcq4YvtQx0v+U6+3/hku0IYm+LVB+b8v+ZbRaAwpm1oMMcMaegT09HKHeMZ3JVMpPINtvt2zJtFXVC43pXyysn1fItCLSniUii/ul47wIr+irrD7quWD9WGaAq33S/C5aRD5hwE29KvAKtPJ7td+fx5GNOvjon6Iv5jwU8NxkP2UdsCyEsl3XwyUSpP87xhO81/5al9baclH56ISCJraBI3AfzrvBcSgeUNbaj0Q5hy1JbyWkWA0/r/NezLA2VJKmJ6nSaC5/J0TFhIpMF1KAj4HMTkjNxcwezCdLSX/32An/Fp4YHSa7CG6rjSOJEv6z6KYZOUaCG2hS1BkmDB+mo3PLGi/KHfiIgmaZQuCxLbgGt7VjPmRaHeC+jrCStH0iOoqh/fS37hfeyHNcprdto71ogOr2azvuZReacfSOHNEr1E44BpvF1UsSi9Ge3ew77R1bHjCq40mD09ksPYtxyh3qPy1u1919vlAbxYnjOeKHQQgzoQSzsQX1Cx5wn1Rgg+Pg4z23YPLUKuFpjIE2BUVaFn/LrKrjRBI=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>AkE5U187kTvIBDxUy74rp2kkMXDDZ/ErpfA57KE7UZZaGREcNucFo9VWwVVLcX2XIfBqGVPQq1qZxsubQ9O2aYbf2x69l0wiSjzXepa2G//klNviYJII52HFeacPCLsevmWLwBwFnIRgx2/FNvZagOcOMnVBrYd4KckQxoFCdPMBaiR6Du7y4ZI0n8sHalB0hAVdnQTR0T368gjBvF6hXltevCksUyn7cd8MQpJPpA5M+o6TRTIzfuEIKNX0L+ZZRJNjF/8d/Zj8M9L4IRSQOZjk/kgjxi142XcKZEx9wtsUv7fXcEUbQ3go9jIknUNWZ2cVzPZP9NH6yioo35xfuvPuxhFZX9WTsCopVcPuGKu1AmHf4mmpCHoJAPS6AsH+eUAb8VEeAiG79aviGfKHwgHaCtn1zPwE5tp9++asvoiVqoxGrjDjRmd77Eod6uP1GRaoA/2DVuwU8Ra73rr//iA4OipGx5eacZPYhAXn0NV+jjHrWTVEQKUohdYkkClSmYBdIoYEXJWVROarH1hws7/MGBFuX9eEzI2yWDNwPUG9Xwlt4risP9c7CQcBkXl3HSQEGx8UMIau7y/2WvQ0IOYuvOalOgvE/1GPBLX3H5PzWU+4VQ7fIJAQ8l1Db2C1X2/fxzYkFDX96Kgdsd6TSwWN2Z0nQRGlVNtz5yZLf+PNOsroVya5Z4EFAIDYBj9DHwthn5mRfL4sQ0UyNejT0taydOiLNDZJ9G+4XozjxrvlWl+JArRKxwSyHqf/z3JmSmnnNeQdqPZk4005EyZq+1Olee6ff6ESakgYVl6Ui1vukjYHLjvQ/mVY6YbEsL0/9oNeXutaDJFsvOGpqsj714WYvfv25INjp+n4YzVx5yCQv74V1ouEBdRZ0gN1vJHP/zpIZL0PcmRMRmhIpMXeecf1ayKV3qqKaS+Y4rbyzFMsKVD6oIghw/pC4WEkDD2rrWbZlNX0y9vrOD3Qzo/VmqO1Bnk7H3jWvgm5ABkOrZoRpdkXJ04Ell5ov8vHFQ2tMyfSgksHqaoNSvEj6eAT3WAMYcONe7LFsL4G2wts8YjCS8ahLmY8CMI7cbiVSleFQ1X20c9e6oGLfYo8N4rzdZ/8eKtQuvY+HbU6T3UVaRdzMRf/zwxo4a2fWKDGXnpsFkmb5quZ34ySG7dllbTfhUWthzgfyZC7BUEauB48buhd/Ca2SqhLAG+79itDbl+p0C21393UieSVzEOElN5qQ1+PKmi7nHLCFjdlS4M+itaf4O+RpW961j1TUrHib2mNkSVayHELwKLotGye/5RkZNJlbGbXvj5gHg3cIr6trC8S0YIq2jvbexYYIzl2p4T2zK3KksWMHKqfcY2tktGprVYc7a+whJ8WeGKEjJqt5WfanI3j1koQfIfUJlnk7vVcTXvprGOIoX7zG/MMzWe7Nlp7atq1LKoSPQWyFqqfJFG9KGS6Sc7Ri1St6a5/CPhnKrph29VJBBvYysS2KSH9GCvprvr1eiMxYojJjASdyUzlbk86KlEFHD+oy7FjJBDkWvFSadoYANQHBGpswLHeNWpJzZEKSMMwG1mDkB2V7IrNz/nMJLF3hAvWJS8OVDPzzPYFVTBxcyhRf/LFV1+TVG4YCsw4+IFa5sEoov47uMsPIWFpIKIN9QaGkGH36ZGBUuuv/V7z6tzLPq7qZonUHAaUsbgCO9OMhg6lNrc+mavIwLEikmk1iAuoWeGG9PfDenFSXp97ZVCb6HLPuVHpv49vXg48jH7urJaaeRYQzkn9HunNGgYtk5VnHK3Qhm8CwCAV4yRPCPyE2BIvHdLfLRyvM/5Yo6zbO1Kw6XEfvmWgnVOAP09iFBwkfkRBM1WXl3KYidSuakpmwEDldpmN2n50CCoV5CnAt3EJt2u/prJwDejAlNXegssm+Djr+JWfau65BMLfrEm/5bIQxc/2vMwxV3nrsPJocUuSXbzBjTixvGbdZjl99DUH2ljfrPZzNAS0hTGroc6worcGH8w3n74qgqcJXR0GyPhCRnKVeZPLAp2vDs1uFRN6m67wbLQm7v/O11qOc0zwizt7OCzhj4eC6pKcldPiks6KZTuIzSoY5jZLIklUTQj8EkwtQweMIAUVY9gmJ/Gf+7jz7RD5sv5OHyQvvxYQe5yDdaRqTcvqyBkadlDwTJ4ICrnGe0TGqaUlk83bibp5PNjvnmKQAN7e21si4j/pSwI/Ur4SGq0kvmGbECrcr9PuwsJnqwC5ya0itgGaesGp/+cJFI0TZHmy9IArDjNe8zemlkyLT6H1XmdUrHCzH3BOG2x75iu6GkKWjmz1XgW/s6ZTBVPVf2cCVKC0SQ64gJHcgnbKuYwPU8l9ybx6WIczqwumlKETZJSupwYw7nqqTSKycXhzF+U8byqC6P18EPiZthoBVVwxDvfPI28FBBsDaI8pyTX6VRpZzxKzcoUQDrRU/7DoMypvH2/GqXM7h9QOMv9ZNd3hlGJ9VZZOp+whfc5e6QcJT7+nWlUXTeHHWPE9aghQTtumxdQ1J+S9tspYsGfp6NMuQpWTiOGbPa2ND91NFuhckwPM+wrWRGhCpMKcnWdVA5TzrX9fINQnR8kxxZlXVmdCUuFtZ+7wmytllaCeutn5i1/DI1PQxsO9k8ZmYicPfZ1AZqDjHeFTperXx8OXQAa1OrinG0IX2C3vD/N+BuDOUvQHUtrJTD+fxn+AzxcGnXVYWEzufXPJLwK/XEka5Ch9fYI5jxiSnWiFLQ41J15j/3v1xVXt/f+MVDE2pUupAwIa4y4uSX53QMdbFNoiuzEGDoZlH4TFK41VggkkOz0td/bsAjNB2RK0jxrfAqCqsZm13SEFC1n8QNcAyTQjoP4xCdKNzOmuEMNgFC0jO/h8PoN0Z00RIDl1p2TzobTyIzz2rbwCqkKqRDBtriVy0W7gTW72eFcU+MvdOzLp+V3LElHAiyBBvQsbNRmNBNznbB1RbuJcUuQeY9qNiHAKhezikyrii4APe4so4Y2KEw5/cod3BXuaViCeKdLkI6FS8+Yw+4uV+H4ypV5JVzjXe4tC9OQyD+YcBH6ggsob6RFyvQoIPEFxWYU1pFGz7q2hcPAlHYmNDuwOwEPQjuO4m/4t6CnqCpLQCsSfTnKqBpBQESRROLKweCRM9W7PtOs6xSZ4baojfbs2AWY7L1b2OxSqO9pV+lVkr49DOU5Yl4lSeUnE/Z55rJFyRKs0oIuS2v4nJWqTxO/gmQ/3y9Ja5shcHs1LdlYq+65mh+R8LOxKC2Qzy9hTH2txHBu4fW6TxDAHwRTmV5AJdsI7aZsr7yISo1R1/r1OiUbEqvGrZ4U0kuewARLPxljoc8+6liBFzJbTbizvzxvoSAeOWAOnt2dAMEGhYiuch8Lz47LnQpbpO9OOesx+xX2zzzLvxReCc2EpkorMPKNMbrTlJF5gV0ObkfzeiKgcuc3SZ7i/2pGCCV/FzcS8D6Sz76VmIJvFcfcV+gYy/zgc8SFr3ag0n8TyTZiRV1WPOrsm5KWKCTlDEmvguEKZFX0e/g1C0WXZNpKvCAoa1xZyRWK9EHlTMHcFDhtpSZr32pjBJ7ueHprHZn+e9VwDJDQH3EJ790GGFhPlsho6+tE2qZpPeb172+N+mViuKNS3gj2p4g3k86he8j2v48USy7AvRQdF9NncGzcIa+91V+yeD/W4zAtP8wLue7zszcwrrHxJH+Pe05iwHE6HIvho7PxVhPmbkmEsMZiI3GDnHhXTCbINzrwdTUlKbfoeXHZZILDRpq2Nof1mOvvVseC40MKMaWxnC5lSfUNdyylIfwzAm6yOpcsDEXQ6b3dVOWgm9C8oWEKuo2qM1YrGMi89+t8HFkeG1+ix99qa+2mGauAMt8fj+uL52jyY5IaUyKij3GV6KdkpuNr37DqjxSDcoeDK/suNw1NYtiN6v09n7Cj+syhuvmuFVj+clEglIsBrxL/+2aYd6aRvmBovibLtlshLl9YI7ixbk9PChCTPGLrgi1vS1SXLokuX7vwEUTWEpnMnRueH1ABBN+j0I5QhNjCuvUU5AXfXlOZK1fQ0PEDatylBLUAVxbp+VHh9UFuC72vyf4+TL5TuPwbdEOUZsjtD54/sFboxj61Zsqiu9NnMFtV/Npot6AUEeV1cGloo6pEFlgb+UMASNZATixERT60nMLfwS3EnCyS+zFtAfy6ZTfD57G8n5eU7BoEgBcYTmSIN2FxHmO+eHINGP2T/QJ0zYnbkE+r1UoW3evGIm/5F0DEb5mbMJiG+qDz8KXrr0WLNgpm+z02yKBPqTLnJsDe684Z0I5SMiLHX0tyJjPJ7zgJbk8Rt4UDEg8Y+dSWGK0DLMY3PxypyzufPNVUgZtnL/XQXh+M5TYQCz6jw86KdNvk7UWm6sR70f4Xskf7I4iKolqZEnevIrmmFXSabupr/rwG3sFQJR5HdmbyUxRBAyeULOQQw5BC72Rq3gLbjhFXx2KnQNgKVQb37jXVMbVh9vwA+rGsEsigZrAtLT/pbMe9uI0uMJVR7qZnFAf8DlwiDwzCj2VpHLMBd5NA2yyumcCxhP0NugKucJM3iaEgIVN8Uwx/3S5i0KeDojXaRfif8r2m0ethnABa3VsExeGTQBcTn8ETaYBuC2lZJu4yUcrpuUaZMlWmhfQDkEVKLg6wWUb/Ph5M96HoLkgnOHzrPe6NmYUcPKM1sAddb0eqh9yI/LcyGeAhrT7qcPdUAyomhTExz6WVaB5kY1nj7pW2tfmE8+qqEFzKHR/1x4/MzBOwe7byU2Szom6SBNz6MCSz1FGEZ1d24KGd4jziteo+C51XhNktrpyb7w/KpuaDMvSOTa1oFG+2FrjkwJvvRSyimN3PJ8Gvgd1raECfoq5GvMTg0byuxUprjaN7hjobjjugjIguEP8KCS0JKTC8zD7SG/mA5GtNhQ4P88JuMGuuyi2Kh4Wt8okFcXwaYgf1qKaK1DIEfwuh8NcCsYf0Aj7FN8PvpCVDXWXQb0TXqmhx3dncF6fjid0TtAJUUCKFXzHXjYrKQ/JyNe/2fEWycD/bkTRxwPOJaSlVmVkiK69NWYwb/bjFW1tOubxR4vRYuhl4Zyby/zES6B6psrEpnqw4polj4hM6+MpuLkbf8lSC2YfL5KIcy9BCT2p2MoPIxRtsSm+OuBgnPQ1zpIqASsCQ5LAoVJ8L8aJTzWcFzJQ19vDwrnrqBlaVgP//I9PtyOWy4RZHeKkQd6FPGTe1ZnvEkOUysRd38U7SbD/yfxhAaRSn2B4lYvW7U+EOAYtEmLKr0PSO1qHCIGLm1S9wUxsdikGVzOJZC6nAje6G6t8ieqcuUXZA/X27OD6zTc4hZ2Hwv9pxIia+UMmN4q9jJtL0pmlJd7YSuJiFEI6hy4e6VOTAvZ6YhkrQmQAUR5WBJ65aJuhu8qXC4IqoE2srSrWZrJ9jjzcqKWA6daabkGJMJNiy1HTPiMOO0wjDF+Q4fWzZh9pPCLdMzc3+tGlj9YYuS64mOWS7uIDda7Z2IoS7YzQVKzmzb+7MdkGlv4nBoK8r4avLUomjJ0qutg5O/awSt5z2KFHr8Q65pePOvk+APCKPu45oAu1Vi6FtIjvQ1agEpecUFNLnvSb/KWliKGfDIdeCRy8Gwr3lfNFN7psxj7Vuq0uvaMJ5mitizzMKesNrd3y4QAa0VwC3646tmUSwg6u56Acr70w4/rwS6O34O6Ta84prYZjRIlvAFvOzqhNhwT3aaw35C9G1ZvKfFAEwAkC/PsMJODBDaUbjpjKx6DyvpGt//FdzO7yn35HeMnSi5ve+a4N2/fKgYJ5OVk7vsGlus3SC9MmKfCHvy6vqmwsgr5HzGnJ80oCz9NR6w0ZmhTg1TSDsh/ICyJpk2//5RW1DNsKzx9cW3+uly19MVTGtIjg85Z+o/+zDpPFMcz9/TRBe6vptqcqNBU43qq0eAA4J5hKg1rZ0snk1gO7u/NmAtBv8sWuof4yi6kEtzkbNcuv5EJ/KiHnFS7NgVVz0y7nbdXJKVF7aRjiyc1wNKOQwy3RDaLPM+KAyE/3m1WhOt1QwVo/sRWMiXcjT3PH5mCrcAngmjUaSAe1vyQWtxm5bPPEVCJZmMzHr5wP39S9/LZZwMK8Hb2AiuGMt4c021fAKkONMpfJp7oIDhA4r8Lw4FG+ZzvRjUZl0cO92nD/XcJoXTWqvtwLjupB1pDcjL4uZZsJ6nZnJJC5U9YuYRb8hbryaU9Gt+zdW6/l5Q1UGSP81/OOaSTOZqOC6GyENh1+pR0J7XL5UNJSODFH8SmnkpeczPaURn8kybfutl2gMxd8XFNQ19i16ilorLT5rFvMUtsm/5qsEvfeaEd9uZMo7ZDLEYFZ5tB/A+s0fnn8nrI0R1tp/MzxfBC84OGimwkg4m9AEoOfMY4KgxVYTW4pmemktRJLC6DIHUDKVgSd9h1E6M5YtmqfUMCVmzTZrtAK5FPfwzggw55k95MwBo+vJnTpTTkPPBAwDg6FdyB73kXq+9p/Nxs647yIPAWdXTyUEmyX/BO5M0atBMiG8P/gUPpjIQ/d39HwAXMoPdegJrCErFV4pG35QuSVQ/UxuTYaatfIaTjuyiB3Co8cwYhMKFN2/jFGyZYsUxkdC5K9ZgJ6EplnbtENW2E+MBnfBF6gwDPxVj2LqgZaRtDsSKJsrThOptO3crs7axdvoM/V+QmfNUkd7ICh6EwPf3j/I5+2nze5HDmgyIVxLlDrQTK/tI4SrMJb88lXTFmq/QVnWIFkkblnNvn9OSDi+xcRXsRiYlKxHKh69HtW0keKSeBx7Uls0Y/LE8v4LthLPxPvLVUSohcO4vS8JkXboF5yv5mq9+sdykQvScabGWeA+Ca/gAk6MSs8sQgsWfbri4dWCfFTEVJh5P6/2VR0XNOt+uF0RWqP2ciK7bAhNu1t1aMHntlAg1sdufoMve3tVRUDlKEhnb7dBedK35MYcvvWhJ376HmxdLK9XMs3lbqVgYoArg1xkIJmkBX8FXgCB5CqStvzZ0HaWglCmIdKBRquEUPSWS23pECpoZxS7qZiQsPOJLga7t8SfEwg6lHhO2kFrR9jEAYuLs7ldvsFQxrnDUnBwcREFxo36Ev+eJXN+kGKBv5131n4+xMLESFeT3m7EjBAeB/mOvxTJjd+CfXtuf2SDbw0/Pt4I0dx2ys53J8ggQWhQ/3sPlVW17S2/3VTXvJ3wcJKZDmyuAnh7e1QEPaYiLrQa/JM+gDgJCrafTwOV+hRm+sLrtXrqFbJ5F4OoIovckMf1QB68DdQgr8+/0Hclzcv4Mu4yWmCYoQcI4wtMhQG035e9xBOoQ8SYF7sz2vG/+AVPg2wkVJsocUpnCYccxBNsxjCquqUGHiCIvYHd9hdMkIwdUJ67dyI3gNjTUEBnS5Wgz/TOSJ7JJUJkQbIyBNXM+N4hGLhy5h85iFocsrCRe3FgGG9wgIXp9gLsZSVinJgZxan7snGXr+39tDKH89UlVx5m43zOrjSIdYXYFN58Fa49+qZcvWyosv0agde25klCQeZYY3q78nvqEwhu6waNTxiSkEtbALBE9KUlxCOPs4HkCFruujrbutpPNlkSVJGi9r0sup3xB1TpCfZWPVFcU/weCWi2KqhaqJCjQt1+jY5glvFNWOhPS6d88EeQhQXJDyCIF/qauaceM8fFUrQpSxfBCRAN7MdtIs3cbv7r3M2BTbUFoqmQ9eZ/nvycmXjOZJan5VgKdkMSGqZZV7ykqkWUkDucJ35a2l4TIQUMelYKdY1uen4w6hg2i+vwgFd+2bF24YblumdpWq+YjmtB6MxvUJP3gJ9iyhfS5wbaPahQZVNqB43xPd6BoDsvCgAB833OVGhoFPJ2NT7n0M7KQTsOQConRubTnAIDtb747Q+G8hMQX7sNtOIz5D/x/k9rzEzNzUnKhuhIHJ3NfQgRFhLceL+V6+EOhztDkasDqlQeyJMEKL5CNpksXnidlpp1KWKbUfxuqGzGPEw0SBE7Ppozb/b1Uu96WajtXsGcFGz7SZ280cxSfBS3JlUgwqn47pNd078Ahli+GB2fUQlRqmxq4pd9KvGamkJRZ/6buzGiTEMEflghzd8BwUzU3ISKWtiyZWUfYxrdBDMymFd9fg9pO9ZBB03gdF79esXPUlZa1AhX9G2oHwBAEjHL6SuDvmUsK/vYi2N08GOWJhf+2KGg+wtmflYk3De8BBBW80jL4HQEcdVfGPuIl/HbHUPA/0O85i9znD3sWWRqDflNhBBVSpJBiBc+5HRlwtOXaxH4nP92r7Hu82UV6KfA1yV12wYlfY0whjEePh0daR/zKx7wJMZmLWYMyEujjo/BxTmnuqc5BGQp83OGGzyVDMxdVFcgo2gKeDmN3VwCcyf0DFCnR5erHGZWLnMZG8T4JZh1btyVm6sUhalp799q5l87KFpWLM2r0tDiqYEX5xmMwFkQkecChG5olLQFGkC+gt0vJC1YrtWcmWt8NtkQ038BCuX0oGVx7mYxbN6FYdvvvnmqBm6189E5/Cc6vTfMNHJQq2ztJNv8wlIfzfK/f8q4=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:13:26,913 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:13:26,913 - INFO [Shibboleth-Audit.SSO:?] - 20210417T021326Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_7sdd3x2llf7s3y064789vutefwuqsaeqvzup|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_27608f4501d5c5f64d3e6caf4ba464e6|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxrq8VNctongG9z3vWTafC8/2LJ3XtI2S3yC+nqQ9V7JwZRzrLjaIDg0+WUUl1Ti/+LZDraC9MxudJW0xHP8De1xkyi25XnzOzBhroHbGXJPArCYnnYDxJYszrBzA+bJCNN+hnABnT|_fd1ed4756f5675a14edac833f085039e|
2021-04-17 02:13:29,989 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-04-17 02:13:29,989 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-04-17 02:13:29,989 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2021-04-17T02:13:29.989Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_9a8072ce-b1f5-41cd-afac-4f84e84f84dc"
    IssueInstant="2021-04-17T02:13:29.989Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-04-17 02:13:29,989 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:13:30,006 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:13:30,006 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:30,007 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:13:30,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:13:30,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:13:30,007 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_9a8072ce-b1f5-41cd-afac-4f84e84f84dc', issue instant '2021-04-17T02:13:29.989Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:13:30,008 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:13:30,008 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:13:30,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:13:30,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:13:30,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:13:30,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:30,009 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:13:30,009 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:13:30,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:13:30.014Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:13:30,014 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:13:30,015 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:13:30,015 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:13:30,015 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:13:30,015 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:13:30,015 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:13:30,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:13:30,191 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:13:30,544 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-04-17 02:13:30,544 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-04-17 02:13:30,545 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:13:30,545 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@140976147::identifier=rick, context=org.apache.velocity.VelocityContext@33bf6777]
2021-04-17 02:13:30,545 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@140976147::identifier=rick, context=org.apache.velocity.VelocityContext@33bf6777]
2021-04-17 02:13:30,548 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:13:30,548 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3d667c603dd236f0a951964ddf5c8ab582649a395bcf97d20af43150e2201e42 for principal rick
2021-04-17 02:13:30,549 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:13:30,549 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:13:30,549 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:13:30,549 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:30,549 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:13:30,550 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@28e6d53b'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:13:30,551 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T021330Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:13:30,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:13:30,727 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:13:30,906 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:13:30,906 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:13:30,906 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T021330Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1650161610907}'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@28e6d53b'
2021-04-17 02:13:30,907 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:13:30,907 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:13:30,908 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:13:30,908 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-04-17 02:13:30,908 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-04-17 02:13:30,908 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:13:30,908 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _507360282dc439e69622658ea3b8cb68
2021-04-17 02:13:30,908 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _507360282dc439e69622658ea3b8cb68 to Response _05bebf1ca0c289f453fd88025a077d2d
2021-04-17 02:13:30,908 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _507360282dc439e69622658ea3b8cb68
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:13:30,909 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:13:30,909 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:13:30,910 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-04-17 02:13:30,910 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxmGx4ug/h585HXpK/lXSqjI9Cr5q7Jnc92nhlVgbVqIhW/9dBjSbktNYMcNElxUf6xbWItBnJkdpTo8Wd4HDfndDMFJ1gQZm0kf2fUSPlbsPNGucxuAHTkP8LKBmArEOy3rxvQree with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _507360282dc439e69622658ea3b8cb68
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _507360282dc439e69622658ea3b8cb68 did not already contain Conditions, one was added
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:18:30.907Z, to Assertion _507360282dc439e69622658ea3b8cb68
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _507360282dc439e69622658ea3b8cb68 already contained Conditions, nothing was done
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _507360282dc439e69622658ea3b8cb68 already contained Conditions, nothing was done
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:13:30,910 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _507360282dc439e69622658ea3b8cb68
2021-04-17 02:13:30,911 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 3d667c603dd236f0a951964ddf5c8ab582649a395bcf97d20af43150e2201e42
2021-04-17 02:13:30,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 3d667c603dd236f0a951964ddf5c8ab582649a395bcf97d20af43150e2201e42
2021-04-17 02:13:30,911 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:13:30,911 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxmGx4ug/h585HXpK/lXSqjI9Cr5q7Jnc92nhlVgbVqIhW/9dBjSbktNYMcNElxUf6xbWItBnJkdpTo8Wd4HDfndDMFJ1gQZm0kf2fUSPlbsPNGucxuAHTkP8LKBmArEOy3rxvQree
2021-04-17 02:13:30,911 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:13:30,911 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:13:30,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_507360282dc439e69622658ea3b8cb68"
2021-04-17 02:13:30,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _507360282dc439e69622658ea3b8cb68 and Element was [saml2:Assertion: null]
2021-04-17 02:13:30,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_507360282dc439e69622658ea3b8cb68"
2021-04-17 02:13:30,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _507360282dc439e69622658ea3b8cb68 and Element was [saml2:Assertion: null]
2021-04-17 02:13:30,914 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_05bebf1ca0c289f453fd88025a077d2d"
    IssueInstant="2021-04-17T02:13:30.907Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_507360282dc439e69622658ea3b8cb68"
        IssueInstant="2021-04-17T02:13:30.907Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_507360282dc439e69622658ea3b8cb68">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>bQlEVa4drn+ntf5Zqk6GOB8aLdfcxZj7dsDr3q0/yRI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>MPdsG6WXrnv7DmP5O5hNT192gSqfEXlUttFMu8MlkrXAP6HNwYxqF9sqtzUJqz1GfP22ebXGQ/OF/QABCpvBrfwjRrjFLtBS3sY15fkZCS72m6k4PQJPQEsbPIyVLOz3AVlXp4RwBTmlokMhmshByhsAAodjMgDTmQvNhG6sFhf6BwPdpGq0OIzPc8YePY5smioOfrqbSkAfaQCRFcScKyFGJ1D2qddmxzV2T2sMB0KumLWUvd4IYMmIlEE2IL7W8mkb/C0igeOJgg7/nb8LfKyqCLacszVwbDZLFkkXV41lJZru0STpjIqu6J3vXd0IIHhmc6Iy0S6FkRMIxSXwlw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxmGx4ug/h585HXpK/lXSqjI9Cr5q7Jnc92nhlVgbVqIhW/9dBjSbktNYMcNElxUf6xbWItBnJkdpTo8Wd4HDfndDMFJ1gQZm0kf2fUSPlbsPNGucxuAHTkP8LKBmArEOy3rxvQree</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-04-17T02:18:30.910Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:13:30.907Z" NotOnOrAfter="2021-04-17T02:18:30.907Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:13:30.548Z" SessionIndex="_147fadbfb6ec5e98a0562606851c8e73">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:13:30,915 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:13:30,915 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:13:30,915 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05bebf1ca0c289f453fd88025a077d2d"
2021-04-17 02:13:30,915 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05bebf1ca0c289f453fd88025a077d2d and Element was [saml2p:Response: null]
2021-04-17 02:13:30,915 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05bebf1ca0c289f453fd88025a077d2d"
2021-04-17 02:13:30,915 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05bebf1ca0c289f453fd88025a077d2d and Element was [saml2p:Response: null]
2021-04-17 02:13:30,917 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:13:30,917 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-04-17 02:13:30,917 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:13:30,919 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_05bebf1ca0c289f453fd88025a077d2d"
    IssueInstant="2021-04-17T02:13:30.907Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_05bebf1ca0c289f453fd88025a077d2d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>ep/XHzOl0JhQPZhHVZKxW2usDn7fnGB7wuNZ4ybw41Q=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>a+iGQb1L95K15h4YO74bUz4gTpTSS6EvhL8Mn39QlTs5l/sOIyj9Elkq+iRuH6M+7z2c7H0UKal0/zI/kBsk1c38LhRd4XbL5tJ0Fa2NsAcaPpB0Pplj6Fz6rC3okF7YRqzQDZCdp074F5yFIv0rucF5Es6qjoZ1jTxUukDsmXsF0yNsb02z0wdnT4qpI0sTynqQnRxjMc2D1Nn4NyrMaUVyEHH/eTZfdTsYJqyg10t/2G1KhxJZ54kJTfxakXSxst/H7JFTvvsLQF6XbqTjKf2uk99nmHSyiqGwr0/sJqdOurUkIfRe9vqATD3q1FWkbxQ0I+7O1s9FNsSU0BA9Ng==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_56a496d98077ebf0501ab8b120ee2927"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_bb60d309c717c6cb6537bde9cb30181c"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>KWyboP86nY4RRQDh4GI0BPtWi9ifJa5hNMveWm2pH/5llXKuGPLfF46vt9XSK24ZKy5lV2GsTV7gyribMp+EQ2OqArPKAC6K2oaMk9sLzxDIG4S6THzqelssJM84R9SbArTuaNMT/FDLmW/cOXuZ0/M6lf/DPWvEpbQq4L2M5ckqud7qvOJIcLyPoNC7GyKGjjkc54rv3sbz5Dwyh2LZGzwRLlZJ83o5WhYe4M39of0a4SIqDV9cRC259gOBbMH3f4JMCm+wPu+Ldb8nrSudDcENL04yQRmTek9ERAs+fpIVo9Je8GgC1lSDR3Ig2Y4lIJiiXozDNliCZ/nKCMIxZ979Q5r2TAtS8n29iOsqvHx2J8HH/VW8mJFqJsM2KtMSNxHngqomputyfz22xDzTLcZ9988apo4lFqKPVdWhLoeYD0mbLx/7/S6z8yN2oksCC6sJ67lN6nabniUeqZx2J/m4KmexEIWQ5t5sGZsRiwYHKJ+ssBBdOErAJtCqzGJiaS+o3BzBnlhq0ZML44SjMj8Ex5/NqNDq8xevE9dXhf5NehIe4T5H5jjuzun9iD19coGYCqzBRBpCLvt6wseG2uh2/PxF0uhZutTVE2zmpcxwTifEC3h+eqh5qZBwoo4UzHpHI1bPIIFI2LmtkVp+lXmwE6I+oTknn6alXG6D3IA=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>mUMybo9cXpuXrS0JUA0WlbGIVwLZ2vdZVdI2JeSYrCX0gId3oE4L/4nRd0n57PluGX0yKOzWJXCyPHqfKMOwRFIZYW9dS7RbzoxzxmHcYaeOVizNRyetI3kXhfKUs29CtEghfBWlKPj8zi72A374EPcXxC68fWg60xzgsyTD6VTqPL0+WV9by6c3AIh/kGaNaTaIMSwYZGGd3NBh9iUVvqIruENES1EUJjWmb67lpyv+2ezFQX/fc6AuARfTnXbRXhd8zmSKk5s2tBXYMioSoT7rfdviwtS5C06uPqSlemTZG2Fa30mxO8a9CY71H037RnNMlQK1QHRMxct4iOC+2d9KiG9XWSQ5o6QRpiEiSGN8QsQMskWilGNBc5r5pr8AOrfyrc5GfuuzqQA/Wy8BmIzrM52Xof19H44MIAhwMazRst5JMJBiyzVF7aZTgL0afdAS+0H2Yt8mVvl/S9Jg/LZehKdPRgtjpWIuCNr/F53uvht4a07CuF0DiG4EB7dd1KIaHKoxv7kAE77P7Am/ce5Yt+UTOhghtfizVhQP3auyBbjiJJ7ixueBOmkF/k2MtVKzX2DnI66KZcuTGLmTW8003NmZ6jj2Wj/cZRXIwHJLoPmlrUJSogMApR5s7X+5OQpogNeNm+91CUG7mMqc11r90m/yFMJ/Y14EQTMsUPteCF7qeI3vORYsTWE1PukJgwIM0iUrRih3YD1lO07TR63Vf4HlxTVn+EwQpY0O+jC+Z4isi2qGUi3JpIjuQlJei8pM8uL1WUuCzp2rauBBg5dOCELE2GStHWO3jLzHq/4nDhN8oZNLE5e+hdIRx4izwfHDh+szyerLQjr40XgghHqw+3Kz42AXnBL2TSf01ZNHZnRHhztHW0Woy84Qq3wRDaoJMRfM9FWhQWg1N93Ioxm2U6iwo6J+ShqjfxhPA+8TjMvkOIYrh54wHnAg2oRXgdd7lGvIHaxpGdrdNFRf5lpQcI4TmeeAiMgCnyhU4l3WiqCZHk56cgc7XC4wCz5hacCYjh5890erIlz/rCf+6jMvzL9rPLFIWaJhWs4cMsRV534+7KTwYwIXa+4LGXqZORU3PSLQ8MuRaVafTDFFAA/8iwRknFCSA9ddCr8Z/uKRtc4xFiltI0xlsN2Rt8VqzMPNrb8sw81+R8lu26z0qpdrEP5kbxcLMutG3ShwRT0syuIKHXqG070fz720J2MfQDPFk9o6VgCL8xuuq4/2WwrD3P17aTPiFs+gg1o0p5rwJCesNYHzIx6yg+eIieKcm6lTNqTy6CKcjnklj7iQVUTIqq9xSecWdcALqTp0d5Sbq/pvLKcGdyI1J6V2FpKnJI51Ekep4pGe8BG2GW21MC8nXm86O9dVclozJLsQ67YtQeRJtlRU5sWfLha4p6u0Ts07dZL44CJFpKkFXIfDB3AVJhYr5fjMYb2r3405LFcsWo4ViDOJ1a0FLxNJ5Lll6VRXMWQRO3piaAP4yv3FRCRagsp0/QhCWx1nLIb4I9fuJI2yRWvWFtI/6Py267oKjcbnK7QH4EXBBPsqjwFSC2FJeUU8cNfkFsf2E7JzighBvdTIA2kUoDpEba1YPK9EyCed4TRCEAMNp1XlYIPspFnMyJhN7F7UJUGSNuRn+dtOFjbptcVjFTawG4/M0CAfL1FgsNnlREO3AZjIYXBkhgbbT4a1dHyiNA7hlDX3g5Ulbu67/Yhyn/rSUyyHbS2Ihz5sSw9uqtyuxgG0FJiSzKyPb/XoXg8yUq0MQQOuOx9ZU9bsvfHZZvEPYp7VuIhQqReAC85rET9xUISI1xj8+dUdOQlTEEl17Goc/oRxkM/poJG1MQWJv8wysra4mTFRIVOAuQg2toGv2Bjj4x6XaRTaMEcJiJCUDi+ExN3fc6flr/Mf5wQOgZ5WXyfC6BZIlsjWWJ+sJwcjSNnb6W7pcBa/PLdHARwpnSD/zROJ0WwOvhGYdOuU5DeB86+NGpfSF6N5sNzAumkKDbG/RD9/fTPRq5lWRFFkx6RW8PbW95xGrHWwFLZSE6pSSMs1MktmQXmiUI76b70BnhaVoOrKjP0SQ/gM3o4PHRydsofmwoyi5KDhs6v6LFgzNySsj3y0Oa78u0UsXQ5fYwMHJ+M2814YiSzrUUkPrqvBmfGfbpuGOCRxiIb88ZpLlnXxCE7vdixbMWBZRvIvcvNeL/8Tw0QqKwytswHYkvMnH5UARtsOHpkQB5gn41p9j5PL2G2qYVzKbxI38JfKqMAJNfZtFiZjpVnDBEwD41xYlFTS2TEBQNLP4cSm6VXSQi9K65Lx/BGqzW9TuirSNjUi/Ku7WX/bd5/r594Hoh6NZ0042DoydZmABBmOw94xq9aayfYvvtTOWvxRJo1gzA9e3/PkjFAtgzi/4gUu+yjMf1aQR8FZBnDp5d7dB15ur7PtcFU5cd2TkA9ednDe/kjoF2xha4UFJQj1zTeYNPjguOKqLhuOE2R+HWlCWj+wnPhnoO+3xOSecT8A8u3g7+W9cn1g19jv3Cg/gcB+y8VIiRdCUso8fiN0D74qt35OuE6HlR+Fj9yvD413c2bf3pdRV9R+nCMaHXl2OW2rkE5opMsNuTefysDHmBTIPSQq/V9CO7FADlSvb2ZJQ2t+ManIOTw9Sp8gEFiHcMlqm2iRCpOuVOIuFyJbUu2Q17+wTVf5svo3gDbcjJ3aKhDFDtfgDEeiF8IPDiRqSw6QeWAac67rGnHKvxit1e3saLbg9NFYRJJIZG277dTqJuRliWJGLGoMBjo/RmNntwVNfPgTqNTsIMJN/zLwHICF38ZPDjQRiwXIyR55P8P0eBe8Kbi6aP/ESRlbBCHNqp4TeetWyPhe+F3OXykSx71ICacEiH/d5t2TppdR0sH+9bWQXlZniW/0hFBQBrLEfjfuahKLsXa5mUpVSn1vmbL8/+jaYlhl5k+PGhZfIX9BgBoNMtVAK2cMauJXoesnhErBNggfIf6JYvUUjUvl8qWtasGcBHwVMb1znzWjFq4FO+hb/x+3BTj1YVKLlTADVjaPTJnDnxz6lnpZT5f0ntBcvnEaha8RowEEw+VOEm24mGzZdunO0a9gEMZ2b7ve+RfRoDjuvQ/0t4lcLN0ga5Tp5bMjo1LeVjJYs5Ufn8k588uCECg9DG5cerLQid8Hqgl658prmETU3W/fpoO6WaMv0RZa8LhD9TK660I38fk8cryX5+rvbebCrPdoYKfhE5mjmlIbuaHFsQ2oIkUdP1lQzPOqAniXV21H/NP/7mRcUWxdqdBkLCkilrhCHuHDcfamWxvxiHsttrRJ3J15gCFAC6fgc9LBc+6HWg6IWzCFMLIEum+rz+r6uSD+oYfGixk/BiSyvGAR8yec5hvFPajm8LqG4ZkJJYyRYoG3lEcypFDa6skF8xigDnatamg5ogmpQ8SvNK/47wuSd4eeSGF4cgiX33iKU5TZn5Uob2D5oaxCH3tcu5OFX5VLPEPP5vrTJxuMUOwz13w6SD5VVwDfOtmov15RgOUmPxrHrs93KygUsJ1vxF3TSrxKP8N3EMmGVTD8YIYgWP2kwvWPJueZZuje1mWgGAXEoPPuuaYLbUNGY+FKialEqUJL+G3Dl0ijLFLddYq7fm3DITr49yubrdOnQsB2lj4okET1o9Cj48SJUG1h1hAVRKEO9GY+wrSw0YwHHSy6qYwLaUPqQbJRRaev0FTO7r+68b6X+nQcYwL0WhsZ6KaXBHLkg27n6JdvWdnT06vms8EKK3LYk7m2aQhw9HvBNYUtEiCCYOIsuUpTb+0w0AAdFpR3zWkQqjC84ePVo160sGNb/PGg5RJLVDweAjMOMkGa1aTWsoa7L5dqlsADODwoT4mRHCYvGwDBsB3UK+EYhdj/UMzCicsh7mK6kv1a2nL9sQtAcmadHeOGnJcAs/c9MxjAuKwsJjQtoAJsiHIQrmpMIFXuA1Xqqt0PogtNv6vVrsyZ70x4I2KgH9g69pV/J/P0ZUshRBtRcag9IS0H1B0Be/B0GWc1If7dm4UEL80CPuOAwYEh4kN2PEaA3+KbKfDLQeBfG9oaJX1pH02JSduOU5YbhLAvN6xuB4RwfXGLWxAaPJBeWaCcqtkT5AmVJsD1+6rjrp6LwUBn5ceml6xCRcrp9lNMvy6RSuWdWlZaXRQUUJAUW+IMCYryEvUM3loQrG2QEkwDZvT5oo+3m15FWMhQRrC2Oz+iQ6kPDXkc6nZ3RTROmo5wNTgPenWZmSQrxNtIZFe0PeHO+m3q74ruJAhqApoxqg5IUwuvyjm8ieyuCgxjCPKofF4XriKiOzBk/K/w2hARVOfhldcqdXwoQ5qT/RSH4ffUk81uMolE+G6L6vcGgRjShgcfi9LHxYXXmcRTv9P5vSlC9uFuuRfx56lFkiKu435Ffm/sSVqYbp2+9yoYLTF6JRVzZIaOXGBu6ObiSnVQ+I9BNQWhc3jWRtnmUOqwTlZgBESY/dglK67uSFW2XAWNH9O3R9jkNqYfJm8rah9h3k7q0xBqZFTxfE0HWCMHkDM0shk8qFuBfrTyuYWmwN4qemF8iI6usYNpBPhgPCEOjQpKcx+EfNxU9rq6y0+2gNIgWmChf8jxEkYTo4wVAhtj/sFLRRkJ3GAXoxei/qOn9uCZZx1hPZHdrBBLh0a6Uh6AkQrHaHg0R/g6IdnyIg0SUZAVfX57MODjnjm7lzY9qjenbk+23QZnUi4Rb4xPMnWfDAFPcVYsrA6XC8T+9MaRzq20iKvk9+B5aoPwmaS6QDvgZhjxXaxdsbqHD/4WEIdmQX2HLCGheJREK5b1VlHIq0PM2xuOEh1Gxdi5mutEFAP66IpJiQsSlLQZmfpht5F6MaLFoHZI2EyIycHeVADJYQsRTBFeIzM/d0eiS0CSxKROrMwKZRP16ZCgyjGfAq0PCql0trryWVzIFIsL38TGSVAB5e/lXWnz0XnCPth10L8wYKtAxnG142CU0ergiPdbSqoKCOayCigHOxN83svVbEZzcnqWNLpFZTbyrSlyau8jMTXumVkDw4CTmKBjAGNnoQcGT+97fKX54gFRkknRCukLC/05a8YgjgsoBH2dMWFU+GvqkM+LKAWLq4mpPbYLpyKGDT2fSf176Le5Tmb7G2QiELCyL1CQ3a6ZqeYdhOe2Mnqed0C/QZKS7vL5amb6amU8APKat1yvWD29122JE84SMJP1JJ/uivfTN5HOisVALamlmXb5F3MoIG3UriKN6EClI6Wn6fZ6432rmHaOS1DaofCGiXdC93TE2TxxVOHWHZUDthOTrupkd6t69xCdYDb0Bd9xbVkzBLYR266nuVyAHGIoHWJDaecX+JUGGcZg7H1O+PCpR3rzP5GoUz9dLxiUj+L3FClSCmQWSOFIjLR7DL2HkXVVNFj1MV5dbV+/+sxRqd409/7k7vUCJEkwpUJYp8mGWojnuAcQz5ZwzXxOUdK3ls1A864QG5BCFoche2vYTZeIgm5wo9tf1z8LlF55XcGRKmrW/yHgM2XkU4usNMR1NnbPsSgBpStiFu+ehuv+0qrgNLgW4b7GskJwSs7Q/pkjQFO4omxJartVSbXaeTqIA5itFcO/IhMSs8qiqP8ZigaKALD4e46Pbgo+UP8DzqLBLrJAk1mYlyCNuf/1xf4Oq7RZ7Ng2MCvind3PVeDqJ4j2bVWQv4+R4H+IfVi/YssCM/KAg497F0y/feo0DZNGCCsEVzj6nXYHHb5M/4v9dWM5Na+06g9L7QeLniMl7U+UVkB3FNOucpWtpsGLyzHOjQSXpNdwePQ76fhflZcBPV11glkAoA7d8OGMGUBIzVsuNsUgiDZiB2uPRuyfjPnaML75rIA9rglf5wevTXGP+LvhxedJnKxpKl1WOf71pUIhEazVCZ5blFKnmaAUzl+rJ/+V5EtING7cmXaCrZD/BOfhh/8Uw3k/ck9ebuFrwSDTq1t1JVZJjJDxqRddDUaFkq0grHL6ayHVwS8Yx9hAVALPa8eSg959pGttCq3MMGxIZjfrZzy5+ACzjVSG+qaQDL8n5PYhPNdOXOVfrz6EyQOj5Q0JFQKKDfQ/7DBoQCmyzYmyM/FA0qiOU5BXUN/sQz14CMrxmsNpYh+O0xz9uLe+iyCxnVV/FRguM5fWDVfA+hHMfiwRnaiY2IrLuAS2OgsblU3RZLECz7rzu4GVChJzyFeL6E55Uj4idMCbPrMzmlW8FT9Y2ZRxqhkisyHaUfJJxAOKOuelV0vbEkxQpb3Oxi0Ls85wTdlxtnxGkSBGrkeCAzzDe/WsYB9E6OtdR27I10rljV6Y+3TdkK5RDr3z/lMs50Br6Ubzx8hoP0F4GZPR71nUhvEfXUQXxl/rkK/rYlOuI0GKPJcyEOfC+yR9vOwKVFhrDZe3dpPNONAl8IfWJwj/EwWdQilEHHjwMxDsu22pCF2Z16lFxv3/PUMyxm4Fs4fCt8bM898zZDDodEsGJiAvTCagaOwtM+rQaxYi9xV6J2Ge8Q5rZvEa6tNVvTsJ6iodg6zGwHKAinxxhRRCCLLCoFyyHedHbv4PHdgE5oj4NQoayDCHMoHXV+q8BxsEGPWJi38Nc8Xbo5s+cXjlwQcxRyDz3JiW1KWkmeZ6ze+cqtg+wvfkOFoEIspSEPIbu8r7uO9F4XSezwlNR1iy7y/hAf7A2KFMEugKjt8i1COsFRKclb/ETre9a7G78Qbc/qHvrTa3Xgc2UjOyC69uP8w1v9PWBU2O1lPwYZglFeQr4vVcCtl9WwOLM3Sk/lEY/iJmpLMLXzp3uz8OflTl7u68TYEAfYPr/2tXVNhqehIgwcp/0/kMwvHWS1ki9VQZLkYQAW1LU+qNsV63/Svojgq6zo9tjxdahiONImXvY9v98kgHFgDM0gB30iianY2iSc/jpjaNAVdPuFyWllIM9gtZcTDMrdICXAvQk4yGeWDIPiNL6NaT2Ms33tRfhdq99dHTbqtCp30FALq+s+swB7XV/yzpKKzD6qAnTz/QmyvQ36pyjmq2eGPrhVp7r3NhmlvbVH+daSjc1EaXsC4licuHhARexdlzjum0vsogWSIhJS2E7C8NniiqpLZGZhJ8P+esVq8ycsiJgJvun/W6cA1W0OrBxc7ZREA3OH+3ls2cCOkr00D68L4xz433Jx1Xq0jksO6/7Up8OncN2EAh+ExyWBteHjzjoTlcA98VpQCNiqnT94bGeNWJOAlqRlowx7qqdYLhFs4/pAhm1LixEX4UUoJUAORlKjPAj4UX1wKa7lZYY8yYUIueMz6Pm37A7rxNhNFMSK4Y7UytTBYDNzm/ItvMQGVwVGYQWT5ymwvZnEO1/lYdVjGngzBJAB3hVfBQomj/mxzJS1jvQpIWHWXGsQHjxHE87n/LaU4vEwjk/K1+ZcFszbZNSFQt78vSa8+bQaUZSL+QCS2MW/AZ2IeTE7c4q8KEj/Shh2euTnt8t4OvCrHAIAXVZMz3NtfLLn6EUmAYQdBAAwyzyP2JFbfcE0adcTqXu1GFv4XFv8Kpw9PwlC1ls8D7HQKMBRQJlnFLX0Ps7f3Ol2fb3Yynm3ACg3xYZO5K7UC5J+MXLOqd2bqp53hYWHXe6K1euBHOdkgMYkbcSYA/lf4SGPq/GySf6GC2Lt4Bu28UVisIyij0/DgqlsYlCgejt9oclJGGIBS5j02Tx0zMKo7GW7EpwAjP4ThFhTh4TyOoNFGGHRNWApP5y517L4V/gdds4G5TT6+15Itpx6eKBoFHeJt/Mchm9DfM+JriBUaU51NzTmue8p0R8QqkZKredcPewKOz8mtciDuZGzCMx+dppfrAUN580+mAzUPi5xf24jXEhwYSI0yEPEN5ga7byqB+SVkeVmb9Ie21cJfwX56j+LnizS4QQp5vDA2ElFu+5iQH4Gry4Ue8+Y2REDOjZj+305ZnHFkOdVdRY1sn8rYqvj2dZ2eAXSLQBPQPzb7rKCCl9gLxmuTaUg9EYL0zNUvF1Tm9555UOQOFp/HGYk6AnPm47Q1S3NcwlISuwKWZp1t2E9+5CWoAf1K+PZcNeaOYQ4jmSUHM1u0nJ8RUejJWNsuHkDbuUIClyqoER1XIe0cjHIGUY5r6t1a76hxf1tsFrnoy3IlJQSCps6TXvG/ZK8g3W/LHPbtVMoLdxASHakzyWeb8aPLGXSPnosfpm9/EYF688ACJSUTnd+Pa9n6tN4lSR3tda3lA4aCsp2VN1kK//5sAeRKwihsHgpDSNy9glIXXlLwniB1OzaGmvhVAxcYPQKgBjeW6z+tnGj0LMQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-04-17 02:13:30,919 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:13:30,919 - INFO [Shibboleth-Audit.SSO:?] - 20210417T021330Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_9a8072ce-b1f5-41cd-afac-4f84e84f84dc|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_05bebf1ca0c289f453fd88025a077d2d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxmGx4ug/h585HXpK/lXSqjI9Cr5q7Jnc92nhlVgbVqIhW/9dBjSbktNYMcNElxUf6xbWItBnJkdpTo8Wd4HDfndDMFJ1gQZm0kf2fUSPlbsPNGucxuAHTkP8LKBmArEOy3rxvQree|_507360282dc439e69622658ea3b8cb68|
2021-04-17 02:15:14,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://213.56.132.5/private
2021-04-17 02:15:14,455 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:15:14,456 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:15:14,456 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://samltest.cert-ist.com/saml2/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_13F76198597CDFBA926C8D57871E5954"
    IsPassive="false" IssueInstant="2021-04-17T02:15:13Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://samltest.cert-ist.com/saml2/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2021-04-17 02:15:14,462 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://samltest.cert-ist.com/saml2/metadata' from origin source
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:15:14,462 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:15:14,462 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://samltest.cert-ist.com/saml2/metadata
2021-04-17 02:15:14,463 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_13F76198597CDFBA926C8D57871E5954', issue instant '2021-04-17T02:15:13.000Z', entityID 'https://samltest.cert-ist.com/saml2/metadata'
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:15:14,463 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=jVJdaxsxEPwrh97Psi65nC1sw9VXgyFNg93kIS9B6NZEoI%2BLdi9p%2Fn2lMy0pFNMnidkZ7cygFSpnB9mO9OIP8DoCUvHTWY9yGqzZGL0MCg1KrxygJC2P7bdbWc3mcoiBgg6WfZJcVihEiGSCZ8W%2BW7NncbVrbsRyUS%2Bbbbf70i6rm%2B2iq5tFI77Wy%2FqaFY8QMfHXLMmTCHGEvUdSnhI0r0Q5vy5F82NeSVFLcfXEii5lMF7RpHohGlBynq1RGsxMz00%2F8GT9ZCzw7KziB%2BhNBE38ePzOim3wCPn9S0n0mST1GGM6S%2BMGa7QhVuxC1DAVumYnZRGy7fuU3LzBH6T9XUReNjqIR4hvRsPD4fYfpnXiliZfgpvQig8B6QA4ZBtss8qgnNqJm%2F%2BROyDVK1Ir%2Flm5Ov%2BGu5R2392HFOgjx3HqQhliJibE9OVpokpwyti27yMgpqTWhvdtBEUpPcURGN%2Bct%2F797Ta%2FAA%3D%3D&RelayState=https%3A%2F%2F213.56.132.5%2Fprivate&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=GP4oYQAayIF21iQRmj%2BwOrkVXVeHBrTGDu4BBZO96sT6LLqMos0Om9tMdVaX9LpSvAfr4L7vpryb9CvS4uz66JRXol9pdEXg0%2BSkUCNrNAtvQ3qTuN9zS4WnxHwOF%2Bt8H5%2Bbk98F3bvwM%2Bv0heg27NFQh4wyqTHkwRPKHBXALhue9GzMcx5dpYy8K28pNNICcwFaiK1mzMB63ayU5W6QrHy%2Fz1c15T3RSUVGQP45GPdWgZLJxNPbLW4LKQgwAZmw3nRd01ugBj3yJW54kTjrSgTbC7faq2Hi1TpqXX%2Fx3GymVbMDx0y1hiw01HdQOi6y4JRgMg26COIjUfaMIKLUPQ%3D%3D
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=jVJdaxsxEPwrh97Psi65nC1sw9VXgyFNg93kIS9B6NZEoI%2BLdi9p%2Fn2lMy0pFNMnidkZ7cygFSpnB9mO9OIP8DoCUvHTWY9yGqzZGL0MCg1KrxygJC2P7bdbWc3mcoiBgg6WfZJcVihEiGSCZ8W%2BW7NncbVrbsRyUS%2Bbbbf70i6rm%2B2iq5tFI77Wy%2FqaFY8QMfHXLMmTCHGEvUdSnhI0r0Q5vy5F82NeSVFLcfXEii5lMF7RpHohGlBynq1RGsxMz00%2F8GT9ZCzw7KziB%2BhNBE38ePzOim3wCPn9S0n0mST1GGM6S%2BMGa7QhVuxC1DAVumYnZRGy7fuU3LzBH6T9XUReNjqIR4hvRsPD4fYfpnXiliZfgpvQig8B6QA4ZBtss8qgnNqJm%2F%2BROyDVK1Ir%2Flm5Ov%2BGu5R2392HFOgjx3HqQhliJibE9OVpokpwyti27yMgpqTWhvdtBEUpPcURGN%2Bct%2F797Ta%2FAA%3D%3D&RelayState=https%3A%2F%2F213.56.132.5%2Fprivate&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://samltest.cert-ist.com/saml2/metadata
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://samltest.cert-ist.com/saml2/metadata, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://samltest.cert-ist.com/saml2/metadata' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://samltest.cert-ist.com/saml2/metadata
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:15:14,464 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://samltest.cert-ist.com/saml2/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:15:14,464 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:15:14,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:15:14,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:15:14,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:15:14,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://samltest.cert-ist.com/saml2/metadata
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:15:14,465 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:15:14,465 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:15:14,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:15:14,469 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:15:14.469Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:15:14,469 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:15:14,469 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:15:14,469 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:15:14,470 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:27:10,142 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cmVhPWQ4YjUzZGJmYzE3N2NhYTU3YWJhN2JlY2Q2NjVlOTQ4LA==
2021-04-17 02:27:10,143 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:27:10,143 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:27:10,143 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    ID="_467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6"
    IssueInstant="2021-04-17T02:27:09Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://saml.threatpulse.net:8443/saml/saml_realm</Issuer>
</AuthnRequest>

2021-04-17 02:27:10,148 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://saml.threatpulse.net:8443/saml/saml_realm' from origin source
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:27:10,148 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:27:10,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:27:10,149 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:27:10,149 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:27:10,149 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:27:10,149 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6', issue instant '2021-04-17T02:27:09.000Z', entityID 'https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saml.threatpulse.net:8443/saml/saml_realm' does not require AuthnRequests to be signed
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:27:10,150 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:27:10,150 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:27:10,151 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:27:10,151 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:27:10,151 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-04-17 02:27:10,151 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-04-17 02:27:10,155 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:27:10.156Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 51de95c24029363d1fcebb6caf8c2036d6feac83af131b281502022efa1f19df
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 51de95c24029363d1fcebb6caf8c2036d6feac83af131b281502022efa1f19df
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:27:10,156 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:27:10,269 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saml.threatpulse.net'
2021-04-17 02:27:10,269 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:27:10,269 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:27:21,797 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-04-17 02:27:21,797 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-04-17 02:27:21,797 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-04-17 02:27:21,797 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1438536680::identifier=morty, context=org.apache.velocity.VelocityContext@232adad3]
2021-04-17 02:27:21,805 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1438536680::identifier=morty, context=org.apache.velocity.VelocityContext@232adad3]
2021-04-17 02:27:21,805 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-04-17 02:27:21,805 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-04-17 02:27:21,806 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3d3618608415c59cf976c3352cfa62666ee914793f6204414c27321c737e4a9f for principal morty
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 2 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:27:21,807 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@331b5c87'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-04-17 02:27:21,808 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:27:21,809 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saml.threatpulse.net'
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:27:21,875 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:27:25,592 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:27:25,592 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:27:25,592 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T022725Z|https://saml.threatpulse.net:8443/saml/saml_realm|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:27:25,592 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@331b5c87'
2021-04-17 02:27:25,592 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:27:25,592 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:27:25,593 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:27:25,594 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _88b10b9384614c490dab6242f637f495
2021-04-17 02:27:25,594 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _88b10b9384614c490dab6242f637f495 to Response _d9ab5dfedaf104d7dfe2a90146caebbc
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _88b10b9384614c490dab6242f637f495
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Ambassador of attribute eduPersonEntitlement
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-04-17 02:27:25,594 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-04-17 02:27:25,595 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-04-17 02:27:25,595 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxl2pTZuq51MvFMp2tvqZAA8fK5dNyTjn7RbHd9grltobLaMF4YY1KjGGq4wNKpqk6R4h1q304/atWfOZSZHfiIfh5uskhACHGkkME18fRcfFw1DnFH6bvT9u09ul0RNCFNhxe7kLsun7RlYoAnA== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 205.197.212.198
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _88b10b9384614c490dab6242f637f495
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _88b10b9384614c490dab6242f637f495 did not already contain Conditions, one was added
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:32:25.592Z, to Assertion _88b10b9384614c490dab6242f637f495
2021-04-17 02:27:25,595 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _88b10b9384614c490dab6242f637f495 already contained Conditions, nothing was done
2021-04-17 02:27:25,596 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:27:25,596 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _88b10b9384614c490dab6242f637f495 already contained Conditions, nothing was done
2021-04-17 02:27:25,596 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:27:25,596 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://saml.threatpulse.net:8443/saml/saml_realm as an Audience of the AudienceRestriction
2021-04-17 02:27:25,596 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _88b10b9384614c490dab6242f637f495
2021-04-17 02:27:25,596 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://saml.threatpulse.net:8443/saml/saml_realm to existing session 3d3618608415c59cf976c3352cfa62666ee914793f6204414c27321c737e4a9f
2021-04-17 02:27:25,596 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://saml.threatpulse.net:8443/saml/saml_realm in session 3d3618608415c59cf976c3352cfa62666ee914793f6204414c27321c737e4a9f
2021-04-17 02:27:25,596 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:27:25,596 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://saml.threatpulse.net:8443/saml/saml_realm and key AAdzZWNyZXQxl2pTZuq51MvFMp2tvqZAA8fK5dNyTjn7RbHd9grltobLaMF4YY1KjGGq4wNKpqk6R4h1q304/atWfOZSZHfiIfh5uskhACHGkkME18fRcfFw1DnFH6bvT9u09ul0RNCFNhxe7kLsun7RlYoAnA==
2021-04-17 02:27:25,597 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:27:25,597 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:27:25,597 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88b10b9384614c490dab6242f637f495"
2021-04-17 02:27:25,597 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88b10b9384614c490dab6242f637f495 and Element was [saml2:Assertion: null]
2021-04-17 02:27:25,597 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_88b10b9384614c490dab6242f637f495"
2021-04-17 02:27:25,597 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _88b10b9384614c490dab6242f637f495 and Element was [saml2:Assertion: null]
2021-04-17 02:27:25,599 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2021-04-17 02:27:25,599 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost
2021-04-17 02:27:25,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost
2021-04-17 02:27:25,600 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9ab5dfedaf104d7dfe2a90146caebbc"
2021-04-17 02:27:25,600 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9ab5dfedaf104d7dfe2a90146caebbc and Element was [saml2p:Response: null]
2021-04-17 02:27:25,600 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d9ab5dfedaf104d7dfe2a90146caebbc"
2021-04-17 02:27:25,600 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d9ab5dfedaf104d7dfe2a90146caebbc and Element was [saml2p:Response: null]
2021-04-17 02:27:25,601 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:27:25,601 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost' with encoded value 'https&#x3a;&#x2f;&#x2f;saml.threatpulse.net&#x3a;8443&#x2f;saml&#x2f;saml_realm&#x2f;bcsamlpost'
2021-04-17 02:27:25,601 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:27:25,602 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cmVhPWQ4YjUzZGJmYzE3N2NhYTU3YWJhN2JlY2Q2NjVlOTQ4LA==', encoded as 'cmVhPWQ4YjUzZGJmYzE3N2NhYTU3YWJhN2JlY2Q2NjVlOTQ4LA&#x3d;&#x3d;'
2021-04-17 02:27:25,603 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost"
    ID="_d9ab5dfedaf104d7dfe2a90146caebbc"
    InResponseTo="_467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6"
    IssueInstant="2021-04-17T02:27:25.592Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d9ab5dfedaf104d7dfe2a90146caebbc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>7imRdAr4R3MM8RCWWATsF21DNvj30LiDWkEhYQDQ7Go=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>VyGgPmT0Rw31PhBjU0D65K5T+fLW54vY16jT8nFw17k4tneDt7D4mq7zfl7HIqz9KW6PB4xZSLQSUxISHh474gI+Ezn+ZmeikoZca3rrzYnC0cpMdWRsCb885FsClcLIMuVA4acWIJ1LyYtqqCphxXJGl61inlBUbr57zf2ng45SEUUp21CnI1zfnQ1IV3LS2agqH2AeP8PKtu3nniUCvWlXdVi9AeafFQsNN55/kjvD0xSWMuAaLxqZUdN4gK1fWRLkjXBfdBDeAc9X4XnVkHe/pe6DBn+eZ6wZr1Cx0r6BrIYnf9EnD2VwlxMv6Etecms+LWk9MiMSe26SljgLIg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_88b10b9384614c490dab6242f637f495"
        IssueInstant="2021-04-17T02:27:25.592Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_88b10b9384614c490dab6242f637f495">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>LXeJD7S/scRFtT4j1kFkPGFT8y1Q189d7Ix+1GKmWd8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gdpI1ANJSZ4mp6wcIlF6MOEAnWUub11FkIG0MLUZyIVf5H4FfOIjViNowO/E5iMlEZoIJ0grz3gBhl7uvJOZ9dscRfpBcttsK1Of4jXZfzOprdxbhZezwvE/NvtH33M5lboDm45GKDrknOkf/SqhUvKQI4TbjmY8Cs8NYOGRj7oOCps2RriMJ5bzVSRaBh6KhcMReZrXCAc6RL1c6LSIznieQlyYV9abPNPmHXe318bfQ8IKGc3Vzvl1haeUVR3Ftci/+M+macQi3TAHclrlbcqA9bqA2mE08Lulq5Uy0Ww+1Yrnm/trdKNdIugVeD9uRMRYHaLE2lW5AltNMnZGXg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://saml.threatpulse.net:8443/saml/saml_realm" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxl2pTZuq51MvFMp2tvqZAA8fK5dNyTjn7RbHd9grltobLaMF4YY1KjGGq4wNKpqk6R4h1q304/atWfOZSZHfiIfh5uskhACHGkkME18fRcfFw1DnFH6bvT9u09ul0RNCFNhxe7kLsun7RlYoAnA==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="205.197.212.198"
                    InResponseTo="_467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6"
                    NotOnOrAfter="2021-04-17T02:32:25.595Z" Recipient="https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:27:25.592Z" NotOnOrAfter="2021-04-17T02:32:25.592Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://saml.threatpulse.net:8443/saml/saml_realm</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:27:21.805Z" SessionIndex="_513fe945cf4085681cb3802fc2c87369">
            <saml2:SubjectLocality Address="205.197.212.198"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Ambassador</saml2:AttributeValue>
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:27:25,603 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:27:25,603 - INFO [Shibboleth-Audit.SSO:?] - 20210417T022725Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_467a6c449cf1311e8bc726a766754445ac8e4b25a5bdc8093614c9b49e78efc6|https://saml.threatpulse.net:8443/saml/saml_realm|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d9ab5dfedaf104d7dfe2a90146caebbc|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxl2pTZuq51MvFMp2tvqZAA8fK5dNyTjn7RbHd9grltobLaMF4YY1KjGGq4wNKpqk6R4h1q304/atWfOZSZHfiIfh5uskhACHGkkME18fRcfFw1DnFH6bvT9u09ul0RNCFNhxe7kLsun7RlYoAnA==|_88b10b9384614c490dab6242f637f495|
2021-04-17 02:30:41,918 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:9ceb49ef5ad92474d4f9e6a8f5ce76c27beac8924f29398753378de94806eefe
2021-04-17 02:30:41,918 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:30:41,919 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:30:41,919 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://www.ats-platform.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_8e1c08ff44449ce3939cdcca236f26ee"
    IssueInstant="2021-04-17T01:13:00Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">samltest-ats-platform</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-04-17 02:30:41,928 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'samltest-ats-platform' from origin source
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:30:41,928 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:30:41,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer samltest-ats-platform
2021-04-17 02:30:41,928 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:30:41,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:30:41,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:30:41,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-04-17 02:30:41,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:30:41,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_8e1c08ff44449ce3939cdcca236f26ee', issue instant '2021-04-17T01:13:00.000Z', entityID 'samltest-ats-platform'
2021-04-17 02:30:41,929 - WARN [org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler:?] - Message Handler:  Message was expired: message time was '2021-04-17T01:13:00.000Z', message expired at: '2021-04-17T01:19:00.000Z', current time: '2021-04-17T02:30:41.929Z'
2021-04-17 02:30:41,930 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: MessageExpired
2021-04-17 02:30:41,930 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-04-17 02:34:40,572 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cmVhPTMxZGYzM2Q0MjA3NTExN2JkYjNkMzZlYmM0MTBjOTks
2021-04-17 02:34:40,572 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:34:40,572 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:34:40,572 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    ID="_ba745535511dca3b67f9b554bb245a25b54692bafafe78b7cdafa808d6285b3d"
    IssueInstant="2021-04-17T02:34:40Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://saml.threatpulse.net:8443/saml/saml_realm</Issuer>
</AuthnRequest>

2021-04-17 02:34:40,578 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://saml.threatpulse.net:8443/saml/saml_realm' from origin source
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:34:40,579 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:34:40,579 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:34:40,580 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:40,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:34:40,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:34:40,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_ba745535511dca3b67f9b554bb245a25b54692bafafe78b7cdafa808d6285b3d', issue instant '2021-04-17T02:34:40.000Z', entityID 'https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saml.threatpulse.net:8443/saml/saml_realm' does not require AuthnRequests to be signed
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:34:40,581 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:34:40,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:34:40,582 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:34:40,582 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:34:40,582 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:34:40,582 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-04-17 02:34:40,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-04-17 02:34:40,586 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:34:40,586 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:34:40.586Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:34:40,586 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:34:40,586 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:34:40,586 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:34:40,587 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:34:40,648 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saml.threatpulse.net'
2021-04-17 02:34:40,648 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:34:40,648 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:34:41,435 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cmVhPTY4N2Q1ZTIxZGRkMzc4ZmJiMWE5NzNjYjkyNjFiNTIs
2021-04-17 02:34:41,435 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:34:41,435 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:34:41,435 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    ID="_fb24151a6100fc223f79f70c4978ac60262f868ab5967c1bc28ed74a762a8d73"
    IssueInstant="2021-04-17T02:34:41Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://saml.threatpulse.net:8443/saml/saml_realm</Issuer>
</AuthnRequest>

2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:34:41,436 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:34:41,436 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:34:41,436 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_fb24151a6100fc223f79f70c4978ac60262f868ab5967c1bc28ed74a762a8d73', issue instant '2021-04-17T02:34:41.000Z', entityID 'https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saml.threatpulse.net:8443/saml/saml_realm' does not require AuthnRequests to be signed
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:34:41,437 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:34:41,437 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:41,437 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:34:41,438 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:34:41,438 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:34:41,438 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:34:41,438 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:34:41,438 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-04-17 02:34:41,438 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-04-17 02:34:41,439 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:34:41.440Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:34:41,440 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:34:41,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saml.threatpulse.net'
2021-04-17 02:34:41,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:34:41,502 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:42:12,696 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:12,696 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_qr1eunurlf5h852l05upfz45nx2limo7iqaq" IsPassive="false"
            IssueInstant="2021-04-17T02:42:12.024Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_qr1eunurlf5h852l05upfz45nx2limo7iqaq">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>HRhTuRo8s324OSo4VLBSIhN0mDk=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>ib4mvWfx0oR2vhHMsDrmaVOpQEy1EwoT5Bp4/3octdDa+NHWjvfqGrK8IGudAZZFccNKAR1FyUXfVmiT2KojTG4BZ2NzksiDFAH0tb+bflyVnmBmjj4C7P0MQBE0CJetletvgyNKHUgZMU38DHvSUeSAcjuZ3b8t7oRC9IyaXamCZcEYqx6wYH3zx56inoGcVjcMGcP1bnv3D9QmpFvGPzZa/xKk620cLo1TK3LMvDlW4MPdLQ+9psdEwUq/PmSJ+dLkfzxcHjZz0STAapKFSJY0ZrMU2lBSGe/vgakIgPJH171PFjihP/LIm2uCKxImj/mZ9XkpNBWdphlEuKALP4aT2D7G0gEM2PUctey/qLtiwJjTAvdAUrmj1ssmBKxQijKGWxCb4xm5c+Xmc/znQ18HIcD9dezL+BvtsqiT25Bb3ZiWedwdT4yzIa677ujOZ2u6ya9Grfo8a8WiZcJdTPcx8cFI8xlJpOt6wPPXXIFJm5uvv1IaeEJ1CHoDVDnMHxPhxBI2FIKzitH7MqpSxXyfh5HYleuXIKlwgtLcUkP9i8lZOf2AXcywQDh/bjk2o3wxUxiTdy0cy3KCNBZmJHOt7V9IVPNf3szt557kYkWGnkrTZvFOsxB+c5LlLviC3yvGrKe4c1ItxzuzOxYlsSSaA1AIxsAndWwutqM5kVg=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:42:12,704 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eu-de.otc.t-systems.com' from origin source
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:42:12,704 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:42:12,704 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:12,705 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:42:12,705 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:42:12,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:42:12,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:42:12,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:42:12,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_qr1eunurlf5h852l05upfz45nx2limo7iqaq', issue instant '2021-04-17T02:42:12.024Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:42:12,706 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:42:12,706 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-04-17 02:42:12,706 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-04-17 02:42:12,706 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:42:12,706 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qr1eunurlf5h852l05upfz45nx2limo7iqaq and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _qr1eunurlf5h852l05upfz45nx2limo7iqaq and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
2021-04-17 02:42:12,707 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:42:12,707 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:42:12,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:42:12,708 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:12,709 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:12,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:42:12,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:42:12,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:42:12,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:42:12,709 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:12,709 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:42:12,709 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:12,709 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:12,709 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:42:12,713 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:42:12,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:42:12,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:42:12,714 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:42:12.714Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:42:12,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:42:12,714 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:42:12,715 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:42:12,716 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:42:12,716 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1924602059::identifier=rick, context=org.apache.velocity.VelocityContext@672209da]
2021-04-17 02:42:12,717 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1924602059::identifier=rick, context=org.apache.velocity.VelocityContext@672209da]
2021-04-17 02:42:12,718 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:42:12,718 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 1c4322d8d9b9618e67cd1a1a1068f5a81f57b541ebc10fcaff6df0f8e2d72ba9 for principal rick
2021-04-17 02:42:12,719 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 1c4322d8d9b9618e67cd1a1a1068f5a81f57b541ebc10fcaff6df0f8e2d72ba9
2021-04-17 02:42:12,720 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:42:12,721 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:42:12,722 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:42:12,723 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:42:12,723 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:42:12,723 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _19697868c79af50d361a38f2798a86d1
2021-04-17 02:42:12,723 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _19697868c79af50d361a38f2798a86d1 to Response _5ddc564bdde8410471017f3cbf9d06cd
2021-04-17 02:42:12,723 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _19697868c79af50d361a38f2798a86d1
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:42:12,724 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:42:12,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:42:12,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:42:12,725 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxRtcCVa4NVMviCI5h3jG8R2IFudqIxrakfhOJf2agJZQQRR6pty3z6iqbVhXrFrxTQkL5GnvE3UYPZlomS/I/R6gHA5UEkV2fLMN82QbzrMLpgz+gaFNlmlX0uiaWb7VgY7we5ZbS with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _qr1eunurlf5h852l05upfz45nx2limo7iqaq
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _19697868c79af50d361a38f2798a86d1
2021-04-17 02:42:12,727 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _19697868c79af50d361a38f2798a86d1 did not already contain Conditions, one was added
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:47:12.722Z, to Assertion _19697868c79af50d361a38f2798a86d1
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _19697868c79af50d361a38f2798a86d1 already contained Conditions, nothing was done
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _19697868c79af50d361a38f2798a86d1 already contained Conditions, nothing was done
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:42:12,728 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _19697868c79af50d361a38f2798a86d1
2021-04-17 02:42:12,729 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _19697868c79af50d361a38f2798a86d1 did not already contain Advice, one was added
2021-04-17 02:42:12,729 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 1c4322d8d9b9618e67cd1a1a1068f5a81f57b541ebc10fcaff6df0f8e2d72ba9
2021-04-17 02:42:12,729 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 1c4322d8d9b9618e67cd1a1a1068f5a81f57b541ebc10fcaff6df0f8e2d72ba9
2021-04-17 02:42:12,729 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:42:12,730 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxRtcCVa4NVMviCI5h3jG8R2IFudqIxrakfhOJf2agJZQQRR6pty3z6iqbVhXrFrxTQkL5GnvE3UYPZlomS/I/R6gHA5UEkV2fLMN82QbzrMLpgz+gaFNlmlX0uiaWb7VgY7we5ZbS
2021-04-17 02:42:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:42:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:42:12,731 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19697868c79af50d361a38f2798a86d1"
2021-04-17 02:42:12,731 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19697868c79af50d361a38f2798a86d1 and Element was [saml2:Assertion: null]
2021-04-17 02:42:12,731 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_19697868c79af50d361a38f2798a86d1"
2021-04-17 02:42:12,731 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _19697868c79af50d361a38f2798a86d1 and Element was [saml2:Assertion: null]
2021-04-17 02:42:12,733 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5ddc564bdde8410471017f3cbf9d06cd"
    InResponseTo="_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
    IssueInstant="2021-04-17T02:42:12.722Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_19697868c79af50d361a38f2798a86d1"
        IssueInstant="2021-04-17T02:42:12.722Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_19697868c79af50d361a38f2798a86d1">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>86YPWZ6F/+XDIRTZ3MjHBFtAPWTGev3+sJDV1t3KBN8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>W812H3VrQDwr3axegRjdcpEvSVsfB/E/rKPx4CLfyux23c+8YHmmP6M/MVtsLk9uATuNpE7vpC84UGvaXiF9jWnAn0PcVyvEvF49M/gRhYX2qWwT7764xMtHTHxFA0XuDNd60tHPL5D15uAR8vQbAROwJpRqar2u4dhOS7umGKtvRi+HC3m4wqgN08rqMouLANq0T4EGoZLiQxjLtAYgYTBFkPsmqlDfRggFN8CMQcqePUEvTB7jRScVV9ft6+8DKFnlDj1AWkZkUy2qId5GF6yCW8tME6UoLEkEjo9I8aPPq/UFVwgbirfeLNqb9GRhBziuwn9jObTlwpTIWtp+fQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxRtcCVa4NVMviCI5h3jG8R2IFudqIxrakfhOJf2agJZQQRR6pty3z6iqbVhXrFrxTQkL5GnvE3UYPZlomS/I/R6gHA5UEkV2fLMN82QbzrMLpgz+gaFNlmlX0uiaWb7VgY7we5ZbS</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
                    NotOnOrAfter="2021-04-17T02:47:12.727Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:42:12.722Z" NotOnOrAfter="2021-04-17T02:47:12.722Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">LbZIN53UiVWGD0GK9XDusBe7Q8Uw6BdYAuF4E6mmL5I=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:42:12.718Z" SessionIndex="_856104ffcd56fb89af5824c3e9e49f48">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:42:12,734 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:12,735 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:12,735 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5ddc564bdde8410471017f3cbf9d06cd"
2021-04-17 02:42:12,735 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5ddc564bdde8410471017f3cbf9d06cd and Element was [saml2p:Response: null]
2021-04-17 02:42:12,735 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5ddc564bdde8410471017f3cbf9d06cd"
2021-04-17 02:42:12,735 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5ddc564bdde8410471017f3cbf9d06cd and Element was [saml2p:Response: null]
2021-04-17 02:42:12,737 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:42:12,738 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">LbZIN53UiVWGD0GK9XDusBe7Q8Uw6BdYAuF4E6mmL5I=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_5ddc564bdde8410471017f3cbf9d06cd"
            InResponseTo="_qr1eunurlf5h852l05upfz45nx2limo7iqaq"
            IssueInstant="2021-04-17T02:42:12.722Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_5ddc564bdde8410471017f3cbf9d06cd">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>2TeNYYyF+URVWJtq2GOB1MHYpN3el6eVFGdDZhKSNgs=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>r4Y6xl39QiFdWMDNaQMjvad1IpgC1FVPFXTb8zbAYe/1sDN6Ev9pkIXoOnZ5IhLpNJtFAS1IgWDA/lPaU5RVvBWzVKlI378vSScQRNUWSrJYtMd/Ej1vkiepsJpyzuRN14mqgn0+gyxJmZ2Js0f1BWe6LJ90BSV+YXhyu7cU4ZpWZDH1lXIgbBc+qy80xExeo8lKqdwcwWcpk5ocXfHZU5aQaCNwu/BdoUjCcLpXtkx6A16Em2IweOnkl69yyl292NhbYd/NWKnQLG1n0TkJZWegZHj1qsHxE1q+PGeMQcvuzvsVEDWTT6n3xIA+1J2OJSsgW3xj16R69W98vcDmqg==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_02c9ec0335f3a34e80082b5803d10f01"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_f96a4b06411165ae7fd49c6e0f62f7cc"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>BZObU5ic1H+mSWvd822XKHarKd2iE06LrTo6ZLRdbVAk8IIT1TzurpQFlmCf3kE+VtPVN4rut4FeZzb/+tgp6fArE7MF3QwlSbZopHGSOYsJzA5Ye3PBcdPe8hvwlM9F+xcOBjYOYREqDwbK1hblsir4mCIvPXNQuAWDnpW2wjlNuxEvEgHjMxkiiuXr4yKAaSh9DtCv5o1FvnYGvQT161IZzRMZjjDpYSZY9/V6fmg3E9bHJUonbEta1kSJr82wpjRvVuwtFQGhvbs4kyki7NjO+zrcLIJ0QWzg2QLNfDn5N/zhaUYxGykKKkE5iOhWYvEs/QhsSZzG6BNOEIxM7cVq6WVS6/Yva4zsfbDij0ztclOuliWxFB4ykYCnmUsJ228TaCi7Gl/sfz4ExYUKfSgl/U5IKhIcc9fPRJzUKPI5BAeGxi9DvLKAQOcLSIZaE7kvYV0+LzEz20Ro6av+Qd9lfoH3Y8h6kYg9snovydG8z70Ef8X8qIg2Mn+f7LfMJ6OtTNG4TF/tbPCyWlHFApibrZdPkiyM7WSIHVVebPI/xz3pyLffQALovTVsy9twvtDYEutaK2Sy6dOyl7xOsR26nra4dWhs4y4bCRKUG+gWIb7lTKov6id8URT7qZfCoAjOnfg35OMyiP0mgK5KomcfOejWjgC35vnLKzyYoik=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Z+CtonE/gdCCXWOGN5S6BmW8s9MArZB0je/vQqnXZLb4dye+CUG0GwPR/khJBq0nxVTMWLvFtzFZ2UoheMUd8U39rCiWw1cjHhC/YeehJ2IIbfDlV1OlbNzVdQPAJ8NHh2n/e2GUz1J7FZXWiu80IYCSbe4CJvWj91AC13enzsol2OJFw66UjV8IEqfeRtVue5pJ81edHoPz1ut7sT2u5p0ciEbhUdkUUuaIZWkRAJJ2xWxaYrMxDBQJmBx+jlVqWsPXRmwMRpNFuFR8rzahOJPbKJZaNj10AyLXSd2JbLVjJg6c8xKYfZLTiQCZgWSKyEVtDbHHe7pSP3LENVRB4EQ1bjSAC7dmpzdoG4Xwa+rohtTeni7perawcV7dvC1Sq6GqOcQy/8FcPQoQ1gI/ahOZ/2k2pE5qlkO5B/5oyX2k5cLrEXuXB3/q0OkVir4SgBVSaJSviVGtxAkDjOU2DjvMrtOltzQZOcN/gf4ZPujthX7Q+0T5aMUg8QlxfYqYCVvFNBO5wVkgJ6gDnrCJ2yToQyaQQ3cTSxqanhlnWxAPZ15jUlDpZ1VYnfvG1/LRHeEaxUB/oScsy+PmRt19DnLDgveiiv+3ohdgJzvghmtn4nhqVKYhZRhm4SN3kFV14O+wPN29ChgVNIpb2E2iQUkeP1PXtMq4tTxXQeh3VnTt2rZfNvonAnuEK6FThZRMWKepUFr/WDGP7nv5gmLuBy4/9n1ngdM88RPuXj61LFKd1iBk0+z/Qd+J1q9Zxk1fB8pRGT7vNHbUw3cHYjdTXM1nhxWNRfq56YXSIzhGqjLZxt34+irJwIXzGn7jgfvqSArDTUmdwYW01CyhvGnv7fr7dYh22gZTs/BKX8/D9KeU5UiSIfRj/9BjWSZE4EURxVIqmjVDRKYszrK8L48RR79mjeqDi1sk7cAHu6Fzg05nDNDzyh9cMsHW4/chGeYsBL1KPINL+jfvhey82Jh48jd2NXWKa8ouoR01Mjjj/8XibkzfTL5Ja5jxfTuyYOJZVc8mlyYEeU3SshFf2pAMhNm6MQCG6s12JOlv4+I6ODat5Vk+D13Llfl9ydzlXbO99o2U3fdCuUEH7/zjXkdwtSGS6v9ZsZ2V4sOcAl4ZbArxYkHTwVc5ihcfw02LShhWrFdwd2P1tHiggyWmLPx4dFoamA7k+8fhEn9XTZAdmkPAFgSK2ml//CByHwJ2JRJldNml4u4CGAYjRnpsw+/KY7vsMXTl0q0fFn+8tdL7kIAsXDJKURyTm8bnaBBr1iQElUBuUuDUAknGLC/FDOk0T2oDY2rQxxURAxIP5dVcXGMsJ377aPmEwHGfIJQoUfoYUfff0iwgT/f7Qz83XBncaww8TsMi2Ji/eJlHolHV7rg063KZskADNQkQ7VhIuFpaR8pUNdKWyCMksGQ80jsEyavLRhLb1JN6kYiyKSbVcrG9UF9+XX6XkIOpiOkQSkE/gVPIn4GiD6E2UJmGjDBawPM/rqZiOyy6I7vKiM1EV4ztxO0M+92tJN5SCLro37UbGxlvhMa8KVIFOh7/W31ELm30vG4DrTr63dPFwPO6Ys4Z4SZzpZ/Syg0GaXiYD2qqB0j/7Cc6fP1ELylTfi23gEg4jrLp1h190E+fcnNq5m78cJTb+/0uYrC9T4/znIylSAGwCzT1ufFpd9RUzqfIC1edfVFNP3p6HneBI1o4QOK0NuG3zPQLQbpHbCbvsp6YtQV82jfsboAFOJThNc/uVa6Ce78Q5dryJC8dSl/Jp93dbr6aAkmW0OjNz1fM05p9aql5JV4TY8dPyNxhzxR0iZO/5jZFW5LaS0gvcfA8vMS0AO+ruay7L+LVbdhuIJpQSZ0hMt9sc8pBSGfQIkaTCsl88KTgINyHOIAkBc8dyodaSpLmAU5FOLL2mEAHepYq/6NLhbWSLJkh629EA1y58oOVzOPHFl9QXL801QnxC8LBAy5g9TtJInz7OQRt+w+OlKliOFWZsKYZqe7UiS8JjzXBv3qW4VY9/XDXLj/3PZtjmXFx3xJyD490nJZvoiX8kB1TMbRr6Sg0PA6Z+oh473cfENeh6K/0vafiP2T+tvS/4UjhzXWaGCwwVC1YHGtomz3NQS1QBJxHyRbVTGOudCzt5Kjx8bstX18U+3CK3pMzgXu/twAAmVX8co4G61eDoYOLdFXe0K4jF276/KK1D+m3FVn/u2E5NceerKrGOga1MW2JNEoAEYLyh9NKI4PqeIrgX8WOHAQFclGdBnPcdWeVogSrebIKCcpQX4F7BFQl3FDym+WFTr1aqbUaDQZOWzNecImc4sqK3vgpc1hVj5VRt/PZp+lL8BAHzzJVYTbq7bLoAxKgBWfZXbJGeiybKwBfFJlcBHues/mqMurWH6c6L8Hke4Xmxc3sFGefk+0KHe4arRL3E6zb8VHva8Q2pM7X/tG7iNJxUMH22g5U1msk54L05iX5j00ohiI/Fzqvi7mj/Sc0v1PKF2OFFNxgUBViVzU3pSW51GMc8QfJuuxYhuSlec4N1DNtrm8HJFtlAppPXwf9IvUcImmRATXt0nOBnQUmx7cBhMeLDst6tFqg2kJXnwzHkUCoU7HueL4w9NYEnUb+l97XZa5h0pewuCpJTQ5zSG9wCyKbmlfP6stjKppZ2MOM9N+PL1Qd4+48s5hCII2I5pGgxn83h7PlHVUHY4h9XXMvM4HorcPSe/VWyHRwNics7sspUWbyTrBfmaDmMMEqrzLdGUlfMGmqKI2zmxg3NqkJ8dmqIggRTPg8OiI2pmGwnje5JB53Ob9+meWB5sBzv6Jnv8yrv9sbmnSFokS5UR+vAVBkpivncvLvW/10u9o/wSWoNgysu4mAv6CwEhFmAw6bNbeZ3prG9bI71OzCvTidLtxROCE8eJe7AMqokPM+Sw8+mvMG1k84guWAzvUFDz9FYvOMOPROrFq83hNBXWTbkJaR9AFfjMbd/hjfO8zynoUVjrY/RyUGRVbFr2TN2uGENXoOjR01PqhFVRfFc80VU/42/IqIHAzRkvd0dW+ahvftb0de3HC3ch5gE/xnO6b0oKSw7b8d3YNQsue0/ErHZriJ+HHpR1jy5bs8hhpL/y2PNlZR59lNA3+jtr78KDBX3wyZjCJvvOfoqz79t5HsYEXecYaWEtfM4xsyNgGJHVCUFcz+6B/KNSr6EA6nZyEHXIzjd4JoPaTk0C0wgYh+OG7CiDN3nX8edkEWZS8/tU05Kxy4ibZ1psDkBoKwc3yQUGBB1dS4a9Keia9j8lO2K5PQXYcwG8S0QWsaqqWHpyNgqN3sJOPwoZMiM2F3hro7FD6HxE7rzcJ0Wv5I1PmU1nu9PeEjdMK2tnPs3Ez2NzZPguUX09rLcUgE/wo6qOJafSd02doNX1FxWmPgVRqMbsXLBkO6KOGWMIhN0XpevugTSKbjGtL++azMkr1WzquuMT5PpFrIToALvfUATItIQLyEebx9AzHjkqA22tawWG+Y/2OWe8AqNfOXp1rYNBgbc0oKH7AF3BWXPQcEPgD+D+kZl1hbPkblBI7yhMbIxC6q02hQO6KdkGX+GyFv6HGSBHLEnPnaC+mrsuI7wm8pPe49bymXLIJnj6K46U3vAPzCqYRxeV/f04BxY3JmlRQ9HzeJJ5fi5w/VjaumdonPFJ2Z4Hq8QFmnu0nmwLDsS3Ohz3bXgLzQ8E1hh0fQ54ywy9oFCt0D0JWATgBP9XWxR3UavZsLB3ZYfIMd9APM25CXWD6aAamzrFxi2jjZ3x1wOM3EtZj64r3xL0EyTLwVJ76QIk64j8Gxfgxp05RKTCegJqr870J19Yv0G6MBqc8cGzWGVb9+fGBJTxva1YVjcA64BcnRVY7Ja3Gt1kbnom39Smv2UaPVULGOn5A9ddR3/9G7l4k/+d65TTWNI5YSCjB5q8E18WUW11fnVgEraQiZGD+j+bYFh1grXS2E8P8+KwCzpPnClfmLsEkh8pGjqUwNrwxFDdDClOgAUpb4aLgnyjKWEgXHfPfpI+WGiUu5TSbcyH7rHG0wcNBeyo0DvxnnlVz2DSUVFzQME/TI1b88H9j6XuviGAUHcqi0RPyCT5jf7ADB/YK06OaeSxrp5of/WGqh691I41tGXmT2k4KwMFGfQIZFXsx8K0B9jCXcYIheELFdF50nVLppTvsDqEI73f6WIkLYA7z18kCEj20xgC8ayBoZbfsp3c/EZKylfig/khc8JikKFxGVfyQi0wnf1ISlE6FSABQbIdk+blH4TbY0zsnRkJO0wZPHg5HzGiV/0StpNqwVjyHJiSAcVrSDNCstfPpbpCN4E8KTtulhDxHzKdLPBYOyQCYBSDY5dpqDLB7G7Vr62W0cBL/W+wshVGSw2yNcmvkwLKKhhLYHP+5hC+xbiNZqOxbxcnWo3tTd1pgMcrrvDGRNLC5oC0aydkuuDajjvfQubH7ZYsqjP+WmergwJX7/m4BxAHF/nbJaOyNBO6u98TX6UbE/fbFZnQLqvyIw7lK5OHGZRWXPQmnyLdhjVsI4hANwCQE91nAkgAotiWI1zNjmXwOibKYY0x60I1I63L/fI62+pH9BNtLUOq9d4iPFhZzsviDiVBdsFrsKFyZfIoHTWr9G1KKx5PYpskRfpXRx/lIpoXAHWf4A+9ib0WUg/9A0ij58bbb5zsOeD+TqnF/ZdvKI+Fsv8W3Xfjn6N6zlQhW6gjmIv4fLjNUriwHvUF5/e6i4m2OMSTbKnO1VlkiX6J78m/JZzC98Toe1FCXZQOxhXnDrHom28yzYX5JLx4b1skxoyj85MMRqZdAL4SJ+PgPrYDNCPhjBQ6JoGdUKkolZCATT5R5yCE8sWNe718FGyJz8XhY0k+bECc3Hc5ZgpCFeIU0hBopc5ELrhKIGumEgrt7vitE7Rhfx5F+K6SA5EbanwNVrSyGhgCtjCbhl6qsONliHPd+lSQ+CjVP01xHQ7gUE1HXOxbx67B0ukAYBdjOSJLka5ms00z5We4vE8tfVzE/8x4WlgC8bJQ0lBRDBDMFsfdgyfKHx3IhQ/MhJ0qCJlOW0W2V7WLn+ado+19WsnnorMI/H6GlwQuuN8AEJURZU2Hm+EK+dqFQPFxR5OVrZrkU8t5T7jAmqb6CN+bxBzBV/FZ6k9xr+Q1hngP80yoo+/u+9ciD3A/lotx9iPBdi6buviC+KoxDwDxv+D2wzPNlsWf1uOr5nmJXC+zmXL1LXBn/Cy8i2sX3PTudR4SHbF2lSCIyiScsdsfrqOHw5ZjYgZUxYsj8/iDIoSuPKt0conj7jfBJE/BtGBMwVdF9pGisI8GZvbCWZ2rdeDT2OpLJU1Rzvonseq/j/rB7REu5CLRT6MhKtwstxnQ55pB7FDxU+/GsyPd6yhgVqCzd3EGjy4yRaH4An2jSnEFukRzvAH4IXhqo6HI3VbtMWc6Fxj6E6i2IhnzNM3V3qoF+sy7bmX6dUzVY5Y8WZbL18xrmYHcs3cRuovzZ6ohifXXa23jo4IpVOU0TqoFOhCcgYgTya4dh8MaqNFv4MSyE5tkYaecQjpJ+tAY8+jckMhyehAi1uG3oIuTiDaYCHnoK5Zqeo532BHiCoPfC0cX9t5isW2+ZcSkbrwAbK2lBkjWFs3ADnYuNG9ECIhGEPNaqanmSJ30Ap8R0PHI4n+qzZuNn80IryQk6GVQHmRz21qZtSPaGAVSAPJR0pxo+bSes463E52hRnxsT6f+GITMJQBpHLpfKJ+4rMiohswltfJFMfiRwAb0GvoOeGhdaNg58T9XXl6k9dReymdx2YjMLkmC6TN/wVeQadrLU0WqM9mNrxi+53o4CgjFc21SeZwDo4YFNztO/9vSuFJPWqsJJL15kZFbpkMXlcPVI9yLZgkup61pfUrSdXJEQYBkKgYkYfkadglk7RjFcwS6p3v1rQgKV3cWjkenSCkSEyGkaZLLpfgoXxJtg5QmgqJDrfPEGe3THCI72NCuOahmX92N7tK6DvR+xHZY88JCD3pllwahFDsUzF+IgyipEkkCplXCaw19yv3w8YATyePAfFtSda0gsVnHmCehiKqDPZzlNf0qmm61p9+iuslVBSyn2NMEUR3dS5YWLqXCXYdR2Lgea2JPWvWlXzNvLzKS6jFsSpgMbEw6vrAXA95+9bQqO1cxOmkKozNYmoldvO8kAjo/Yk9eCJSMuk7xzJWAWPceoenYvReHwR6Z/RClvTZUld7CZ51maEkvudjqy0X5Pb5vWnfo/JDpRE0sVNr3YIboZIcLGmL8bYmb5+h7VKJMH932PIfMuKAtjfHXIfuVDUWsI6QyGO1FzWV7qdIa9CDw7Lwz+S/YuI0xjbCoviCa4de4Rh3vULKWDzRGJi3nuSfHC349yG+zsyD5oVXLnx6XSFusixKE/7tezEsEDlmZ3+Q+rDjMg9P1hS4dDgbg2Pz5UlGq4SkI7LkKir28SbDwhEXwGLJp78MDYuwrntkXHYpo2Xcmm3uYzNhFBLvfcfNd5h7xyBp2yHr+GdzcCNV7FNhvUOx0LM992oey3zPSqMWlfzFSsBsc3FsAxHduO+XXDo4f1U7sW5CfLKKKwlihhGkAGYmRMCsGQ9mbXLF/pGzSG9SkxMiFCLiGjKPFc3/nTSJsWmlpTFCAwmrBNBa4/XTgZEjdOSg4plTvzxySj5Zu47wbLupLoy96HfQTyu7uwjlSakTWaHgNqbTVRnyKGC3t5FUIiWsABPrs1bYHNAh/A3nozTCQyvOX1DE51um5ZGQshOPggF/K7Tm4EAawui3x8dETAiNqLi8zkW7ffSjwPUdT4dICW3fA5w8Wa2ySUplrHoctSCVJFDaWJqWa6ZuF23V55g3DrlWyl5cH2w6nQsA0oGUBmLN0hidCHVTow7xu0l+XMX6HYU4bcttXMXZQtnOZfvNFmeWr6uivAET8xCANd7iwOTdTzPrii5LWBRwJPFyDl/nuxvwsfVEDCzBTeJ5nUeyBlBDPV4O28CwDl3LU34ob1qYAPLGfefqF2JpXFTxrWLWAwbrfQVybegr1WFdR09lk60K5IFmc181by/Q5UtlVS4aPTopSfIKe9lRfimq7jbCWTvelyIiH8V7g8JWnrRZ09Gb/PCaCWSyHAqecoauIrucMLE/4uHOaUtDa/uG1V0jLAFtEFi1KnEzPKac5sCZoiRNBjxCwgefjBKpXg/k/kUlaXpVJGGQxnjBxv8KqSTfNES0V18ItKOOLDLpPUdhPu2xtOkyZs4WgnpNI0mmwLAPNU8GDSAlfpuujjUwFUJSDxTfmZNvvQc/RBt3jox7FIw5kKkaZmBBuV87V/t+g1W3vmWgRc2KJFWEGuOGo25Y844wWS4/Pja67wNTJ9zp31+WXCrqM4Xy5CubRXnTQJxgoXx+tBJfq2jWTgDKq29i4DNGTp48XE5JKWHdeIK7FkiJpVLzbvxcdP2BDab+JgpgCUXSP/xTSseJEJyV4Seh1ccLRxuh0GOhA2Xwb2C8Q1qR9BkbIv6+agsMvSvTT27fqRd7WLWo/92mP5QNBujp61dNQieNe11dAYKxjhV6HkqqCjkff3IW57fC8FPfd4fkqTk9FohMrECbTXa3o7+GwUBMyvxRr1BTiTK2G8Nf8B4gWx7xpQh9u1wGB2PZrN+jCA0c5DKGnGIwCRYBrfmD4iGLTquS29xlomM06Vq6HZGILepepSRKxlyVORZOdtVCgN3OqY0PL/qwb2T4MObZIFHWN+WR6v/rgpV3E4N84bBa3s1EU61RpRF1iS7+xtvxqYGqlH3/QCcI9dxqjqHBMp3jyZUNxEnaxpfPu1lX7aXNHv7wVdY8WWKPpt8aPZL/rwHUaXf2Ks/J8OhLHqmrMtxm7vamkw9iy7SYr/8psaaL0HRctjBz/g8Di7UG1mN+4Z4y0lcJpQPUofzTBBzWUp0a2k4cKg/REgFKpwXpFcCNPe2X9PiTfEZMH4sliXWBdNEIL8Js5SXMU5lno5bitdFlh25fMjc96JJmpEiwO4FOGyuG4+2su6bxGDOz+sOO3kAb/2suN9hA+FQU32txr2Js9xRzCL32GP4Jlcx7vK8T6y8juhccbp/K9QtFTsntfX5zkRZcEa1MyvOa8maw0VUU+aluOVeZHcg+NKw4yyZKwwIigxH9ar9yWW2jtgCJ+Jvg8XvfW1yjdlqd5oAfSDlExpmU4xPedfxXesgwFbMvHp11W4MV1NvsHk4FWLnhLHuw2kWmPwqp1nY/7PO4Tme1b51eO0qCuLWfpon1a3PaIHQlknPcm5xRvuo7FEbbg4S7GxIUJ94xbND2Z+H0FtviYa42KMd4tVj4qXF1IvnG+D9lUcBB5/2+NSwgop5o83HcynyErPc+YpaapOhqBAyeuWHBFF+8lTam9yUjTJ8U6m3/hN8JDNh/pXzuMqd/QdPdcygjlgiBtr7oUiS2/+11FDsfbDlfjUlA7aG6SuUzL4INwe6BwnVLTjyUlFIVgK67HNvVUWgxI7Xie788vsIutn4aflj3rc3juO2RhG9z8IJUKhMKNaD2ivZgzx5na/8D1RrTNQeZ792UCRgAnw=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:42:12,738 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:42:12,738 - INFO [Shibboleth-Audit.SSO:?] - 20210417T024212Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_qr1eunurlf5h852l05upfz45nx2limo7iqaq|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_5ddc564bdde8410471017f3cbf9d06cd|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxRtcCVa4NVMviCI5h3jG8R2IFudqIxrakfhOJf2agJZQQRR6pty3z6iqbVhXrFrxTQkL5GnvE3UYPZlomS/I/R6gHA5UEkV2fLMN82QbzrMLpgz+gaFNlmlX0uiaWb7VgY7we5ZbS|_19697868c79af50d361a38f2798a86d1|
2021-04-17 02:42:14,330 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:14,330 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_nu3weouqtddeakerpe04bzmonsulfwk61j46" IsPassive="false"
            IssueInstant="2021-04-17T02:42:13.710Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#_nu3weouqtddeakerpe04bzmonsulfwk61j46">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>e5B/HXP0gc1/ceN7ayJH0JcMflA=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>YJDelRuSmTIgqgx9C0Ckp9kDpYs6Bufjxq0rhz4+P+2ZyBmRqv4kM42ldbLRZlwrZ/QPitE4l8cwAR1BcZpCPvEek8IVKjpsf5p3QGA2rVjxkh4ZlXjcPTPt/VtxZ3HT01+EPEZrUzAZWqbYTxmSahYHvfudi1JfElhduyBTug00y6OK22D+xM9IF65WbVSnAfn7IzHWxvht0+RUI1L2MP5NAFzjCzPLXFF2nP8j3Tdn85+y2IbnvBzHjKqnMSf0+IHC/2t76SJNp6Hv4gFZenGDvwe4JYUAKTShjn8CvcT6eOZ8EfWwqQnP59zdj7BG1QVLF48X70AfOCpVygqvVX+N8VbCNppGS3iM6a0cMPlCZs1TcXPmsdWMKxm5yjgEf15aNyfNEjZk4XvNxS/jml6Djslcy9qd1vQ7oVwKkIGjA9W1MeTn0DAYzIY+wMQlyS7skvzWk0FzXYULRbukCYSGEzPm+1CVBe/BLcpnQbUSvU9xz9qFaFg2E/jVLlCdsC7CX7w0vhW2baKv4Vrg2RezNfPx1Jh4OrcYJqJ+9YCpQX6fzQWIkceGhC6cUyOKGkjW6Greh1hOxxLVR7tmAjM2bUIi2Rv00qw+HbwY+j/4G+KelYy4eI5xFILUE9NacgSX+HQVvjt8Zz6ynAb11f19QtpKo1aIBhzfqT/LVQA=</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:42:14,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:42:14,331 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:14,332 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:42:14,332 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_nu3weouqtddeakerpe04bzmonsulfwk61j46', issue instant '2021-04-17T02:42:13.710Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:14,332 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eu-de.otc.t-systems.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eu-de.otc.t-systems.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:42:14,333 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:42:14,333 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2021-04-17 02:42:14,333 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2021-04-17 02:42:14,333 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:42:14,333 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 4096 bits
  params: null
  modulus: 780833212372818775479203473584756908157478511960940665833104329026798488708412096463957730986031560699536971604685793755631469735164638528103712796586941283248391093334537473433816881621841433643551509545784341528479466257077570253340730459394524144439470561825531880309380078893306187350760119973863502110938239690056732532237576015713410817092640951029480915162489671542971932145619144868209527314440670224923750462549444079548603408012564298657143697912591193544433644075598026106926646468811820504111621425556553238066495807276626045802944049622045278146600209515759289448446049845276793009470678806630505639155872685517611976298041379760153258369441443706608834473698951737339296605180924342991774924896400530064019217902076139971478880191800808152349664734915206316567268459208984314092535956712275165633295073845619623808442937959337568063845846898994885404695455333181998103624287019468478172845183368957698818849454389451360233262379190615859514122412619488103951846508060862137625955242500382805764622949031613773424268222131209239375233669763979843957564204575307568428090973147896709908167025351124368088974604728720021626763128224355694102358346473759582198635778329138017968133082524864864810444234076758890334162214979
  public exponent: 65537
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_nu3weouqtddeakerpe04bzmonsulfwk61j46"
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _nu3weouqtddeakerpe04bzmonsulfwk61j46 and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_nu3weouqtddeakerpe04bzmonsulfwk61j46"
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _nu3weouqtddeakerpe04bzmonsulfwk61j46 and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_nu3weouqtddeakerpe04bzmonsulfwk61j46"
2021-04-17 02:42:14,334 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:42:14,334 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:42:14,335 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:42:14,335 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:42:14,335 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:42:14,335 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:42:14,335 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:14,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:42:14,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:42:14,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:42:14,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:14,336 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:14,336 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:42:14,337 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:42:14,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:42:14,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:42:14,338 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:42:14.338Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:42:14,338 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:42:14,339 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@653798185::identifier=rick, context=org.apache.velocity.VelocityContext@6cf81a03]
2021-04-17 02:42:14,340 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@653798185::identifier=rick, context=org.apache.velocity.VelocityContext@6cf81a03]
2021-04-17 02:42:14,342 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:42:14,342 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:42:14,342 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session a3854940e4eae4b9c72de5fb6f21b03f066ad6a94730987081c78d3cefa92ce4 for principal rick
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session a3854940e4eae4b9c72de5fb6f21b03f066ad6a94730987081c78d3cefa92ce4
2021-04-17 02:42:14,343 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:42:14,344 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:42:14,346 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:42:14,347 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:42:14,348 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4
2021-04-17 02:42:14,348 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4 to Response _f457f6d8cb8981b2baf86b5eea67645d
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:42:14,348 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxDUvjxi38E/7Trcu7gKYZAiPXVUB5AfOZpGSAIi4p69y/IBDdvJ5uGbaOrcJtx81Uwo4s25fLgMQdmLKr7UnaAyZwSpnoYan6hXKOOWT9/4o0eZ8DKRwLMvfX9eldIipnukN1JD8X with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _nu3weouqtddeakerpe04bzmonsulfwk61j46
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:42:14,349 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4 did not already contain Conditions, one was added
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:47:14.346Z, to Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4 already contained Conditions, nothing was done
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4 already contained Conditions, nothing was done
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:42:14,350 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4
2021-04-17 02:42:14,351 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _4adaf9226653a60c8cf60b0fb0d2bcd4 did not already contain Advice, one was added
2021-04-17 02:42:14,351 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session a3854940e4eae4b9c72de5fb6f21b03f066ad6a94730987081c78d3cefa92ce4
2021-04-17 02:42:14,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session a3854940e4eae4b9c72de5fb6f21b03f066ad6a94730987081c78d3cefa92ce4
2021-04-17 02:42:14,351 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:42:14,351 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxDUvjxi38E/7Trcu7gKYZAiPXVUB5AfOZpGSAIi4p69y/IBDdvJ5uGbaOrcJtx81Uwo4s25fLgMQdmLKr7UnaAyZwSpnoYan6hXKOOWT9/4o0eZ8DKRwLMvfX9eldIipnukN1JD8X
2021-04-17 02:42:14,351 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:42:14,352 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:42:14,353 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4adaf9226653a60c8cf60b0fb0d2bcd4"
2021-04-17 02:42:14,353 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4adaf9226653a60c8cf60b0fb0d2bcd4 and Element was [saml2:Assertion: null]
2021-04-17 02:42:14,353 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4adaf9226653a60c8cf60b0fb0d2bcd4"
2021-04-17 02:42:14,353 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4adaf9226653a60c8cf60b0fb0d2bcd4 and Element was [saml2:Assertion: null]
2021-04-17 02:42:14,355 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f457f6d8cb8981b2baf86b5eea67645d"
    InResponseTo="_nu3weouqtddeakerpe04bzmonsulfwk61j46"
    IssueInstant="2021-04-17T02:42:14.346Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4adaf9226653a60c8cf60b0fb0d2bcd4"
        IssueInstant="2021-04-17T02:42:14.346Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4adaf9226653a60c8cf60b0fb0d2bcd4">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>mjm2azQZcbT2IjLMM2i9YCMVtKEMZhvokp1CLNqTZBs=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>UxEwtE36bjvu7vhDnBkz11jjSbFWUNjXvafo2XzLjxdcIkNpqte+++ax+FBA1+PcKa0vxuYXgcRgDBT4q9SCVFZwGWb8U2rmgtEhGox81i4KSvzko3ly/4GtOgL/BAh+Iv2LYAlDj3ARTljpRm8pcbK5ugSQSx7qTrj/bVOipluzorjFf3u3M5IJkvW9vr33K6w5XDjuSTx9q/C4nY+gV3LdAmTIOeNMblEtfdL8ir/YVyht88edtJEYrHRErf+SbkbBSsxK1KzJZn0ozTlVVeX2nfuwHpGtVSp87d6FxY/vqCkH90Fl/aivSX4MAr8/KrkW7gLMF3i6iMODs9VoaQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxDUvjxi38E/7Trcu7gKYZAiPXVUB5AfOZpGSAIi4p69y/IBDdvJ5uGbaOrcJtx81Uwo4s25fLgMQdmLKr7UnaAyZwSpnoYan6hXKOOWT9/4o0eZ8DKRwLMvfX9eldIipnukN1JD8X</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_nu3weouqtddeakerpe04bzmonsulfwk61j46"
                    NotOnOrAfter="2021-04-17T02:47:14.349Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:42:14.346Z" NotOnOrAfter="2021-04-17T02:47:14.346Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">nAiUC2to024yeAZY+hi62+3YRQFzLVhF6KyQyG0osQg=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:42:14.342Z" SessionIndex="_eb5939ae059ad9a01837dbc437b72bdd">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:42:14,358 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:14,358 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:42:14,358 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f457f6d8cb8981b2baf86b5eea67645d"
2021-04-17 02:42:14,358 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f457f6d8cb8981b2baf86b5eea67645d and Element was [saml2p:Response: null]
2021-04-17 02:42:14,358 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f457f6d8cb8981b2baf86b5eea67645d"
2021-04-17 02:42:14,358 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f457f6d8cb8981b2baf86b5eea67645d and Element was [saml2p:Response: null]
2021-04-17 02:42:14,360 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:42:14,362 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">nAiUC2to024yeAZY+hi62+3YRQFzLVhF6KyQyG0osQg=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_f457f6d8cb8981b2baf86b5eea67645d"
            InResponseTo="_nu3weouqtddeakerpe04bzmonsulfwk61j46"
            IssueInstant="2021-04-17T02:42:14.346Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_f457f6d8cb8981b2baf86b5eea67645d">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>RwEl5o33Q3hJCIBv3Yf4NQEwCbD7BaaIrfYErFNbELg=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>TZvI+jyhQa3EUuIon3Vhg6zG+KcG1RHPkX56/C6iOYgxK/mg5HTlG3tFfKLBQRASxBAHAkbDcrHe2PkTOF9jZ3qb8oY2hQ7+vQrYOB/Qs3Op9D0BOiMq2j4u9HCErJfIndN2VvihugOWbuRHMHxxtHABv0xFMusZS6++pZINmqVuk518R3jHCvMW682dvD3IWA9nwxGeIibb3AEYG6ecL3WUoOUYxcCAphoMk3IbYv3VxXlzPuS1/iVQHGtjuJhgxG0cH+9mm8FZZffkAZi6E/hvl4OM/YVRLdXrBLJzI9xQ5tCwcTnPfQRDznI9N9T23QaQt3YSKmp2dzPl0Vs7ig==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_03d3e360744761f0ceff27147935b328"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_252b7c79129e613543847e65c4a31fd2"
                            Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>XLDVM0l49bbda3zgri6FOmuDNNxin48Ae3Fu2ApZ1gjC0j1f0c1os9m2iMY8sbLlmPvvgElw/ZDuhm2+YUdSnttPril94wXZh24Uy3yCForIYC8tKkBNRBgNmkzeNFa+Z23FUsUuIjH5dp9KzsJuosL2x1LA4k3DnbIwzV7FTBKC2MOjUYIpNWq96esZG83ZAp0uQCuk5MKG9Q8FfKTdZguDv9zVMC9sNiUepLWIdhCJpJcT+GJd3H4R9e+NlDsvy8/nRSDQxbfNB+1UMh/YWHU/tIonbhKzEvgfK0dnJ3hbWo5xymIj9CmNFoXO2ZeQeBsJ4OP1oi9tZ9E+tPtXjASAxr+jWZGsIhdagDbzUzQs+4O5Vn0tKfAVKEUEeEt3uGZmqIcWBEGOpsz9/F1qNmNTwInR+LPs1Brw9t/CbkRAoMmk6GiHK8h3HMSwNMU4tRstJZj/XVj1HaJjO6PKtxnxLFOqsL9KovsJkeloIX6GvBF4ahHdxbJ6VLC3WKmOWKz0WdHKdrAyawTrEEvcwdgUhFnhV3Z7h+QTuexl2ZXTyVTya0sAylG0wrkKNHiytU3jqwnu4RpWYgvUnr3nB9EaSyDeephdwH2iZnfdn7j9tj6Kidqwi8VDuC74KiuWl3KQec3eIV7wQSKFw4Pz70fOPFlmd/XxcAn2xVlzc/M=</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>npy+s/i0AO0fAzHEyM4HEOzyC0xRmMWsI3XlKpwCXlnC5MdH9mPXk+cZJ88yd5kg6mlJzwEjl5ze6nPSqbds2QsZZeqOr3QFDYcaM8ri32x3QsZ4Jp1ZFpL0bwfjeSRjnR6V9wAJWmD3kHyKjv98KXLsV+6mv7ClZ+vd08B+/4cgbdTqbZ7PBPZdWmaM5KyuBlJBEnWsF9ChLGuyGxWSgvw/pnKA4aDLuf9TWmVwKIgwBVTZpEGtppp6zw5xKC/e57U6pukVh9VizzxLLDpcbV+TgRz9NUWeTWnn5hY/bKoTwwi279qjtlqOySpZZeRLN172rVYhEklPTMPem77VD4eOtOnB6BAegsKWGn7IC2ZVxDTk1yvHNJW2/bakZw9YlrJwVsU3YYkqpDoJ8nDKxY5llIysRcXfW15Cs9i5GxpE/7Kh2N6v2CTnF4/f+Q2a0NyXqRWb02qVUT2SQXM2fxcWG1i6TVrH2zAuYweSJE+UmEjoN4wCiLzpkFaYC8oE4tpRWI8n13Lz4+azZ8rnR42F5VL71iNEFkAbX76ceBm4SFQMWXhvgFrSK1weNj4UdPgH7EHrtTUAZoG9TB9FS2gJA+XDQtxAgDgJyuVvXZl49O/4wzql2FWWpGH9sVhuPMVFBuIbe6fLc1C8A3dNmGZizQqrfKDdKsVUOIiEAw16qdYNqnudL7/2mrDNJoE3CTiYaQIA3cFKce3mPRTYwbZPCgrCM4gdOeSrcYavwdrns9gNVQmvflMAJTikZSrlE2tyU/6UdiZ5wHBmuRiYeTat1TKBd0Mupr4UtF4iR9wwDLNSr5Jg+F+9i9dmeCwm0cvYuSoIq2/XtGadVm1hsk9xg6dV6bzCQaxpXyrQ9KBYZHq++XLTel3cxhnvWWAacx1gwpQvIbUMqUrLh33d3Jlw4ynA00VtuzZ+Y+No5E+lewMUIePiXbJfGLCU+pNoEF3HkhsTL23HsEf3be3ubna83cVD5tDshiCHc8SuDEI8iXoNAukfWzATCmoIpHfvxWLjhLlnUpCpPcGEpe0+QJ1b6Ne65tQgpg/0/ynBpNRIhAYVIopzGuhnf4S9JHy9aGgPkwM2/tU0VI1rb3o30ecStssz7h7Foaka4gNN0ijLS2wL2KzA1PxFquLegNl3jeZacZeLuQNYG9u2mN5ywW594lhLFs6R9psxnfd574yIRookHeEGYSuPozJvNXrK7TEAlw7+KIUiMQWJ7aXpP+S0LMQcJlIhtwBUuPb64uK/IP+XRY8cnZkpBTGgigmthCJxADmezfXfblORyBWWC5i9ZR/F/uoCdNSdjfzn4mxSB6EUYODJ6O/cv3XeG7cxW/hFMP/Kxghvs+qvZA59L2Z01TyUFpzkzjueYGrsNTyPsA6zNUlNsLCfBBzgT6oQWfRhltoHCBBNEYwBBNwV1qkgzdHQvtRWHX2IEN2GGwaUmIQT53kvL/21l+6/4m5wvbk383wOH4+LjHVKTZwf4AC7WksYcntRM4Wp3iWzhpgOtckE7aoPi3YdtlEp83nv9OCoTWV2fPtuqfen0RD9kWc/nCYyTk0q7M1IgeF3ILtMJmRdcRIaKmI0gRl92mNli4xDCeWtBDQS0Pe6znolNkBfwSBJJTUc8SO2Oa7sN8kAEp5RoPU18emhR++8VPBOqmyteH+DYOXFFqQ/Qhvvr9PIEkFBvJmTKv90pM2eWHKNDAxC8ozCGxHitadt66veVCIOMnoJKsvDIheSpPr8+Gru3ByGcfccFoHFqmJ8SclIgKz+9oEA5LKEOqTzOKi5/x3/kATWbKuAEOlUPs1oKmlL3KZEt15idUUvig717Ic82fVCgZFZCjh4AefbA9ck01j6r3LDJQDu7uFercPs/s/g+2/NaYffF8F2VldKRqT/I3Y05bEXKEGthFXMKQh9GROE0GxJ3wAl9xLnJt6l9/kKlYtNRWy+7I4frn23Y25YvHKqAaRdgGXuSI52+QibBImBCp3Jp6C48tw+OCFgacTISh9NFybRJWTSs+//yRq5LruICQ7XFZ7YeSoD3X3AdkrsyS/P2JJtnDXgxP1Y3hU3waRmHMiRhU8jmeKJ6yTCzSXw157wel80//fNa5PxgYbA+Uq8Qf17+00FeI1YToJoAVY+DexQeBNh6Dx3RePyzuy2MpJbhO3DSNT9QWcZtfl1kF8ob8hYn66NXIV2V5fg86dT3yaisThYwmd6K2RtVvwcGyFEnLl45N134EJDpiatlWfSiSTVI/2j1sFFBDVmrBcLsMWXzMOzoCr5FJjCnApyX9P+DlnRCVWq3qM0zJXBKs6bmzkEnIJi/u+MGJ1KoSpu3HkQ/KnXXA61czlwhq+6vCFHUFgMLh4KPYKuR8uw77IxHDhvvVNfkt8e5JAldpmVrdAVHOg93OXh71Rv2I2C5OmuR/oGn2swQQd928Xtv1cMZ23isXqBeSXbJTYL/wWT6Euxh1K31Nw8lKi3fM+uZRmFNPCb6395373bRKtVE2q40scCBumR4QPLi37O7CW/LCpSI1KSiAttoNWqGQqVsge6WsseW1iVwNRxJr4S60I+GmPTtVnvteCArZoEaGsO4nxwC8wGRpfiYJAKV3kCOQ/b4qZljszXKTmvxouqeh+vOGZCCah0W7IzCPz3hH17k8N/+QtmqP8cSqnCcNyOqwIuZmqVvCXoBqi/UUmMzedHskLliUyIw348hOmVT+BR0K+x/727yRBLkaKKYz6VOkKl7ebj5xRK9OpIcW7fGEz6nj6nzXAXx22wH6vK/oSZlkufO04PbMuq3PEEo/8PQzGR5nwYpMWTQsIJS7uGg7T92UHgoL77QP8H199LMhYTVkfmG3JM/gcQnTyexfLDjDG5G0GAd15NVp8SReiLENL2qGneGqJAheRDZJp5f7VruYFVP2AlyqtHsBgoLwaRm05xqFtMlfhDdfGhITbWD2IHGDp8uTNmhzIL6v2prvdoiuAjOtzqeamXx6widH1uu+XxAINFBVb6PZrwB7GeOEmFXGWXKIBddrZqvtjj5UHhTmHecD1MCaSdsvaZMctcn6Q2Jwch/RWoI5FhErmfVvYN/os58WaoVoPChpCVOO9LJErWaA1V/wEbwsK5xd5Jlh2nd6d4HhapvO3iAccqQz5LSF4sMxrgRDEcYeGseA5a9/d7cOgbl+AdLFOoMYM7ixOsJHijugJdYw0qK+IpejR0uBOUBwYvOkC9nOV6hoGwvioMuE2xclXa4F06bMbEeg7aM9osis6ADkfY+NFqCde4ccdXccMd6ZQaylb5tavk5jzBVT9QQ6Hs+rdv7SL22/xsW9UdnPu+7GIhNdWlCDRjKYd69cbY/Vkny2zPa0Fr17ranGx4PJd1R5AjeAEcGArcrdXIrHIWXPyURYKBg+xXYnEbIINmYoq5sWWLfID+nvTyQ33mEwGSxq18cfYKvJIEuVmJ0hn2BSiReVu3h7IRgBKu8Jw/xYUPfnvS55/qBVz0OGRn6LDrpu44gmGUpXzXxAwi9v13Vz5W7S8bUEshruaI1h8SITeJQrhvMliIUmKDxwZ4g7qs3D0y4RVVr9rbLebVB33k7hlZyOpb1S2tqaLD1PCQW2K0Pl8AQGt+xsXmXAkKPzBra8W/CrhgxgrbedPkt5VEIoiHw8fk8nfJUo7iDpeCPYzo67R3yXzC4ne2U5WPjnVSCFZWH3Pv2RQnhfetdpvKSM/PDx7EA14Le/lN+RHoYKDtPdlYhIhXjMwiHE4o9R05u7TbY0WjBiZhHbmsdfvp6Ppvu3Eal2HAf1k3lhZrv4xa/UVlzheoAyRl3XrxsfT7CzFGMcQiTNgnXefGBOzwI2b3XJJkV5W8lNUoMJvyJ0L2mn82aZC2cUxwfExuMcE7KG/3DzWNJc8J9f5vVQkVDJ5j9I9x1hJJ2He2GOrA0Jd0VQq7cN5CBxdRhharo6RuLF7WjZZv22YBg7tdBsqcHBexiCLq9ymXACnHPG+ByGWi25Zz7bBSvwROoTmDcs9SjKzxp8Bgr9RZFZzB7rueIwWkDvzNRCUb5jA6OlA2UjUzszU9AWQcQY5e69+seWDHL1WIR2ZSGxAnMunNKfZdcVD9hGK9NU+afrMawoYbDQvubiHU0qp6z1Lr4aTqTJvsI2tQA9zMJWqLgwbG/e7Li22yYdNZMxB+VVnGbXoRdTQj8JbUPx7ZsPeXLiNQTDoY5zMMCvyOFnGSZr8PSKCP4oQGeyYzTLsNICN886RHepAIk2eJTER7ILUwP5OUenpsS0LWcMAyuK7bldbGBdOz4lTjbC+dWkQhazR/ae6s3TBA8zLfAKVOuPm6MeZUVlaF3+23zPge1Bi5uE6dPBU35NQZsgLS3dW2HZsK4vAyHsvYlD0GGiS/NisNFYzgagB3be67WOcxAwSu8I7f9qtBUmx2kf2WOcE+0D0Rj5rQUB3KR6hHzBG8xvAfW+Je3O+AbV7tY31RgqPsVLltkmXKc73yZCJ+6W0KwvjKG39U9tH29Cut+9R7wbCwWrTCG7bhVs500PEXnVtg6ENSpLLNCjcQSTuWrutvq1nDT//UH+xFhZzoIuGrX4eiGoNm7uXBiMs1JTD451VTFPaS5uON2fupcZ+cG8COZkx5BtuvsLpHU6sGrgJ4nbIXgEjyNLGZU1mVci2w/D5RooXAgoDmzLiq9o+08pr2f1SDodVwHZ7vaHuWcem92uSdwT4nMkH2b3ANwlZtLnvOYaiegc6lcfakmKs8wTnmIYSpZZZJO6BJG7qIypVVgwuv+LVp3pzFromqm4RDKgZRjKgLoH+OZqLbJ1psOH5c5lWIq4vNwYM1rfLeZibsaN1D9mX9l16gnVF0RukPz8O92T8URUtX2tI0NLVszr8unxwdTquFFibMJM4GxhriMwJwovqv2sqYPLBHN4R8YTLRsGH0QHJr0oU1gWNAXtK5NToxFt3KXija+AO5ntCnjkBCC16uSUl5Z+WS+Q39jY2iae9PpGs9Igmm0lDg5IdI/DRLPqUhcNgBy+dvKbGAyV+iXcnbxUE5VLXK9fctOwWFsNzh4CqPtf7C5SOMST0IQn6PEqQBdHiCh7oXP9b7m9luCBeD+0zi05n3NtXz7slx3h9c41umb/Ahc/4+OwfRIPM5sM8Ndw3sBz9jQAQFYcDoI2KrJPY9PMAwEGXOjrOZIIEYY1gXYhdfRMZgzf+eGUaajx3PIWf8NtUFdw+yOyrikSlkefoQ+6ypuqKZL+57gL0Qo0BIT3aDV/NNk7yXqCtPblQW70Rk1OmiMzxFekbckMV8ud8D/5uZYbhBvNwRHnxEg5gfG9dD70GEQCZzJ84y2HskejR0Eu2zmXzi31NZUavdOynvHIEGY+tben6f7yQivHkvDNgEj51Ed4OVKIksPwaIAR8fbgd3vEMc8gcXt+royUeqPTyqhG12+i9Lvqu/g0ahmHlPP6eDyX+pJf9uFHTo0ZygoucL18p4cZJHYAv6OnPNi3taZBptpTk476dJ7lyiiwtyf6X/KsfJzN659FjQW4iZOKmr/x/1G/p0q/0umu4EPAmJTKKGL9FHBrKaNyykFBMeQkT74L3/0/7kX/uo+Ng/xtCYk1mTPstvrtzW3DJ47Y1FQ+y1Oom22T13Vmi6jlqAC6YwLfpdismT/ryYE9GCnE4pbX8gKDUhKRmr1otP5O3X33zFOII8hzw9j89ES2tl7B/U+Wm2x9JBijEvrgKLSzkHfSC4HkTo4DXJqbDlp6a6ROn/XXIR2KDw4KigsyUmTkTTucxoef1ns41XCa9jsYtjEtvSxLvworugP5qw4vTVJpuC4M+bjmACIgYbrjKGDDSd5NAJf1qvVXIsG9wjDFdNdgHBbf5hjQOaGl2MA0mGndYTFjuVTGUA6jRCvviuAynrB1zVVW8DaMW1LK+5eiWIVKGFuux3BRb8/jHGL+bGiaC58jrnnEJOd9Zji7LGK+gE7YY5rZ6yKZvYaQvtanYlg3ihUT1TN/ThwCIhgfsLlGXm18mHHRVeFD5ImNHYVKGQmz9K2X8Jded47bOXj9PiSodTJvn+tCxT37mgXWeB4CBhST35yiRN5gn+AgvKneNSrSo0NHLukuP1hLjiwgBl3+GTZPinsx79C4kk3SK1G2DLdMApmdbARDD+aDNKPz/E/hwM4f5y/86rhWpG85rpNuYVzKELAVbcY2PQv1+i2itlzxZTwDbYGrPflbhTALJXduMFqL1GtUkSiZMmRzya3DQRVIPnmyu0TdXclnogeofF32TvVE1oxeqfdUguYQ9+ExAVNE78f6Nhcwax3gQKCiYl/Ta+lUkUMDu6wgadkNJ6mUMFUkSy6/iZDQKB7nPjUMHcXXbp/01Y+tYBmf4dsLvZGa+C1JGbeqoUFf2d/3HQHzDQs+o+K28/Z+Ar6dFZwMuqD+r3z5D6GsS5qbDOswKlbr+A8YuOf2FMVWXXXGVABt+l7XYPtdvzn3JoupP/SYa5HwEkjUE7cBu+4JxV4pLYjs845GBB4cn9iAKQX685+eEaIF8gBw5+qO79uvTH1dVu7AHQlEqzvyQZJypO2IOJJ530UGTDNA83cUY7swEjubrIjAhTfiM14aoDOPcY1w8/r4IxX8JZWHhMF1fjysU2IOHEYtaogT2lpDjt+MIRczkFesuaTm+OEGdwgvOFMsq90xmt//jdefIpdD/qybw/nmrUUr8QJLUvmjdeSpJGbXzcJQw7RF1ZMyPy+glmg27m4VmH8oiKABnKWCXdAItwJF6q8J3m1atGfbCjpHu5vWLTixVSDlL7rAGPbt+DS86TblD/xCYCBSspgX2DYlwjqhPbvORMoJm3Ij2aeNHF2e5ReYA3xlFpjl+VhlSwoZ1n6ryBP8iRdRUYM/dxW95Sgwxjfpd2bSL7MakDtnvMs3RVQZpWj8KgoJayT6TrkyZWY6g1PkwFQnMlOKS/T1jhoFkftwcYOlTA2d4KNbHEVdSA9hRBJCT5n6qFxOgKqNbJgORqIFgv8d/vm5QaLD1O6oJzZf9kTHNJDD5p4zdsdTlADDmSObXZze7JbBHL9zRSqcI/2akU8m9J7ttGiOvDa3zxLGOf47fq4dRr38Fvl1rE53NDxPayfLksppriB2bNKsyit5CToaadaXcf3F+BR9U7BGBpVJRF0EAWGsznqPaKANQ5zj+9h0u7v94Wh3V11sZmATxpFoY8sr533UtkXOVIPlssowsB96emnGXeJ755Jh6YK7DI+0AJyj+BEdYnz/0S/GEc6dn1YlKU6XOp5p9pq4S8Ak9JNXusiSh98uoWRkvcAEFLbNbQVZSWk15Ya4mJoILBNJat1xDvbwBiJxLgMmklv0mQ2y8dlziTW5CYwH211g9P7gaZqvf87CzZdfEsE0WCl2psbegDuun/CuOS3KOyGnHpL0POQ4/1yJBcFfzGAWpaMa1xKnjFpVCZ5gvykEbcPDf7clylXe+2K5rPu+GzLjb0Sx0YWPrgmwWa1lRjTFte5+d4NLscnDlY8FOkmR3nA9UAq8F560O01ArYuTM/n4mvw3lhVK19eaRCEQnHqdWt9M4+Bu3BCErPPoVz01IU2hH+Owg0LZcqF7h06Y/BKrnyVpSysQiUOdttcKDWrpYJsyrWLX2D4/J3UzG1owDnqs6qjl8VSssf6icmGX2qfa16CdY8iCIVnJBIe76eZyYdlZbmpr++9OoBukKWkm8v0u9mIOgI9sk65UDhvEvJPX1YPL2ZNYpbf2Ij4SzsOWRK7ArR5UqxgoGt7jQB33YvUcZoSyGER/BBwTT4l2AMgXwA4wh4JVa7+AdqM8LTS2uf0xfF03QJHsRuzZScNXLh5uq8UutL4Sgng3OW970sruvMLVUsuapw72meep59HZUo4FdH8/dPUGPsNn+vDTSXXMUKquWFvpM9hRXjidZEu+dI/76Er4jhtbeZvVvydkSSxmgJMtI9/uaQXqTinYf2qrJhYTyIJHYKsSJCJCRJ3MGE+oUcGh8X9+X/1BAiC1Cd1cyW04fyL5E096Yj867MztPVv6W2iDuBxIpn9uPUqJHYQqykEL1bMgmZmx/O54hEXXsbhIASQzcFV8Ag5JA60uPMKXrAFEEv3HcyV6eF6Z7pK0MCs2CLEUSS9O2evfgRV0esf0pptwE3EsNOggUkUsSwk6v6Hyl210pM0a2XBPTaXONHfJ29Zt1wx/kleXqjfbnJZ9M/VyOF1pMXwbPpACfYxNvHGbUrQZtnLeHxL8FW0hd7nupzgB1ozir8lYrDylsQCV7RVc0CoHPdEMzKjgQOlydaQ5m5VTj9c9/WXCv88w+Y892mSHIWIh+lfmebElIfBeZlbbFQ3zuoFhXHQpDZviospn4yew43GHrvogO6B9mMAYbsElCmwdXC2MVkS2lprlFkPRuGnGDtAoM2S1WWl7u2fTMQFTCZD9L/JTMG6V/zRvd3n/tqVLW02F+P6LSCSxK/bKK/30KZ1i5+yh58vlWZoBibH+Ga/UCkBly91ittgoiQzcsGSyZRjPN0zSbecf8QZ8B89ZQk2MiUs7xrMmgqur4vs2LcMl5JNdY6H5Q=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:42:14,362 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:42:14,362 - INFO [Shibboleth-Audit.SSO:?] - 20210417T024214Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_nu3weouqtddeakerpe04bzmonsulfwk61j46|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_f457f6d8cb8981b2baf86b5eea67645d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxDUvjxi38E/7Trcu7gKYZAiPXVUB5AfOZpGSAIi4p69y/IBDdvJ5uGbaOrcJtx81Uwo4s25fLgMQdmLKr7UnaAyZwSpnoYan6hXKOOWT9/4o0eZ8DKRwLMvfX9eldIipnukN1JD8X|_4adaf9226653a60c8cf60b0fb0d2bcd4|
2021-04-17 02:42:15,689 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Beginning to decode message from HttpServletRequest
2021-04-17 02:42:15,689 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.IdPInitiatedSSORequestMessageDecoder:?] - Decoded SAML RelayState of: null
2021-04-17 02:42:15,689 - DEBUG [PROTOCOL_MESSAGE:?] - 
SAML 2 IdP-initiated request was: IdPInitiatedSSORequest{entityId=https://iam.eu-de.otc.t-systems.com, acsURL=null, relayState=null, time=2021-04-17T02:42:15.689Z}
Synthetically constructed SAML 2 AuthnRequest was: 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest ID="_dc32d078-b350-4ef4-b870-1dc9a62f51e8"
    IssueInstant="2021-04-17T02:42:15.689Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eu-de.otc.t-systems.com</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"/>
</saml2p:AuthnRequest>

2021-04-17 02:42:15,689 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseIdPInitiatedSSORequestMessageDecoder:?] - Successfully decoded message from HttpServletRequest.
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:42:15,690 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:42:15,690 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:15,691 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:42:15,691 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:42:15,691 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:42:15,691 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_dc32d078-b350-4ef4-b870-1dc9a62f51e8', issue instant '2021-04-17T02:42:15.689Z', entityID 'https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eu-de.otc.t-systems.com' does not require AuthnRequests to be signed
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:42:15,692 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:42:15,692 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:42:15,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:42:15,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:42:15,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:42:15,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:15,693 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:42:15,693 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:42:15,694 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:42:15,695 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:42:15.695Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:42:15,695 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:42:15,695 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:42:15,695 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:42:15,696 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:42:15,874 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:15,874 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:42:15,874 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:42:16,226 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-04-17 02:42:16,226 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2021-04-17 02:42:16,226 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:42:16,226 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1251125690::identifier=rick, context=org.apache.velocity.VelocityContext@6c206a4e]
2021-04-17 02:42:16,226 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1251125690::identifier=rick, context=org.apache.velocity.VelocityContext@6c206a4e]
2021-04-17 02:42:16,227 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:42:16,227 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 41c115bd9f5094d8a54f19117cf21cc46fb18205be18492a2bdc2fc1b47fca66 for principal rick
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eu-de.otc.t-systems.com
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:42:16,228 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4fbc3bfd'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:42:16,229 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:42:16,237 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T024216Z|https://iam.eu-de.otc.t-systems.com|ClearAttributeReleaseConsent|rick|||
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: Attempting to delete consent storage record with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.RevokeConsent:?] - Profile Action RevokeConsent: No consent storage record found with context 'intercept/attribute-release' and key 'rick'
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action RevokeConsent: No storage record exists with context 'intercept/attribute-release' and key 'rick:_key_idx', nothing to do
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-04-17 02:42:16,237 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:42:16,413 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-04-17 02:42:16,764 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210417T024216Z|https://iam.eu-de.otc.t-systems.com|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://iam.eu-de.otc.t-systems.com, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1650163336764}'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://iam.eu-de.otc.t-systems.com'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://iam.eu-de.otc.t-systems.com]' as '["rick:https://iam.eu-de.otc.t-systems.com"]'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4fbc3bfd'
2021-04-17 02:42:16,764 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:42:16,765 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:42:16,765 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:42:16,765 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Inbound binding urn:mace:shibboleth:2.0:profiles:AuthnRequest is suppressed, ignoring request ID
2021-04-17 02:42:16,765 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: No request ID, nothing to do
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:42:16,766 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4916bc485c32d68cd693aafd842223c5
2021-04-17 02:42:16,766 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4916bc485c32d68cd693aafd842223c5 to Response _b2f34e94869d69d99379de6ad81bf03b
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4916bc485c32d68cd693aafd842223c5
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:42:16,766 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:42:16,767 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-04-17 02:42:16,767 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration did not specify any formats, relying on metadata alone
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxJYtnzEqdFSFBc3QhFsk5WetugYD/U6zMCYuxgXDX6fvEnYcTcjhROkNbeEN51Rbf3H9lqMWS3Uz/MfFGXOrURTmu1TnM/WolWQbuLtLtNDpmUneXtjuaO3omO0UeksmcGXNNsnPM with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to (none)
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4916bc485c32d68cd693aafd842223c5
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4916bc485c32d68cd693aafd842223c5 did not already contain Conditions, one was added
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:47:16.765Z, to Assertion _4916bc485c32d68cd693aafd842223c5
2021-04-17 02:42:16,767 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4916bc485c32d68cd693aafd842223c5 already contained Conditions, nothing was done
2021-04-17 02:42:16,768 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:42:16,768 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4916bc485c32d68cd693aafd842223c5 already contained Conditions, nothing was done
2021-04-17 02:42:16,768 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:42:16,768 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eu-de.otc.t-systems.com as an Audience of the AudienceRestriction
2021-04-17 02:42:16,768 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4916bc485c32d68cd693aafd842223c5
2021-04-17 02:42:16,768 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eu-de.otc.t-systems.com to existing session 41c115bd9f5094d8a54f19117cf21cc46fb18205be18492a2bdc2fc1b47fca66
2021-04-17 02:42:16,768 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eu-de.otc.t-systems.com in session 41c115bd9f5094d8a54f19117cf21cc46fb18205be18492a2bdc2fc1b47fca66
2021-04-17 02:42:16,768 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:42:16,768 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eu-de.otc.t-systems.com and key AAdzZWNyZXQxJYtnzEqdFSFBc3QhFsk5WetugYD/U6zMCYuxgXDX6fvEnYcTcjhROkNbeEN51Rbf3H9lqMWS3Uz/MfFGXOrURTmu1TnM/WolWQbuLtLtNDpmUneXtjuaO3omO0UeksmcGXNNsnPM
2021-04-17 02:42:16,769 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:42:16,769 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:42:16,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4916bc485c32d68cd693aafd842223c5"
2021-04-17 02:42:16,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4916bc485c32d68cd693aafd842223c5 and Element was [saml2:Assertion: null]
2021-04-17 02:42:16,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4916bc485c32d68cd693aafd842223c5"
2021-04-17 02:42:16,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4916bc485c32d68cd693aafd842223c5 and Element was [saml2:Assertion: null]
2021-04-17 02:42:16,771 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b2f34e94869d69d99379de6ad81bf03b"
    IssueInstant="2021-04-17T02:42:16.765Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4916bc485c32d68cd693aafd842223c5"
        IssueInstant="2021-04-17T02:42:16.765Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4916bc485c32d68cd693aafd842223c5">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>dNTjmBKKYO1oqS61nQc+kPiAoEyhJ05nO+oVMWqjBQY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>lWJHnhtiVhFLU8dyIhZMvxZs8nuiOtEGMCURpb9B1BA98GANVbOfY9+307A6qgaihXtKOMbebpDreBxlE6xqZTk+tiXzGlzXnGVKFIvGxhbEfZPCA5VY0zFy+LMGTWG1pl5FONSWizPrcZ+IaWKXYxTT4rMMyRRKpbXkEXAK3vSVgfjgeH7AjViYbrw+Zz9VBxKHa37eAewHb0C1UxmE70SRaYigQZ3YJaeuaD/jUnafWtgkRmDZauDBKd7vQWDa09MqZaZNNRE5eGD+hBPR1ohKUH450r9Q/B8Elb4JWYgNlzEBPKrrdx3+izCxuD7WjEC7Alp1IyxgHjUyPGtR9A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eu-de.otc.t-systems.com" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxJYtnzEqdFSFBc3QhFsk5WetugYD/U6zMCYuxgXDX6fvEnYcTcjhROkNbeEN51Rbf3H9lqMWS3Uz/MfFGXOrURTmu1TnM/WolWQbuLtLtNDpmUneXtjuaO3omO0UeksmcGXNNsnPM</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    NotOnOrAfter="2021-04-17T02:47:16.767Z" Recipient="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:42:16.765Z" NotOnOrAfter="2021-04-17T02:47:16.765Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eu-de.otc.t-systems.com</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:42:16.227Z" SessionIndex="_56bb5c5bd5c3682359e9c7c2d3bdc337">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:42:16,772 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:42:16,773 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST
2021-04-17 02:42:16,773 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b2f34e94869d69d99379de6ad81bf03b"
2021-04-17 02:42:16,773 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b2f34e94869d69d99379de6ad81bf03b and Element was [saml2p:Response: null]
2021-04-17 02:42:16,773 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b2f34e94869d69d99379de6ad81bf03b"
2021-04-17 02:42:16,773 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b2f34e94869d69d99379de6ad81bf03b and Element was [saml2p:Response: null]
2021-04-17 02:42:16,774 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-04-17 02:42:16,774 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;iam.eu-de.otc.t-systems.com&#x2f;v3-ext&#x2f;auth&#x2f;OS-FEDERATION&#x2f;SSO&#x2f;SAML2&#x2f;POST'
2021-04-17 02:42:16,774 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-04-17 02:42:16,776 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://iam.eu-de.otc.t-systems.com/v3-ext/auth/OS-FEDERATION/SSO/SAML2/POST"
    ID="_b2f34e94869d69d99379de6ad81bf03b"
    IssueInstant="2021-04-17T02:42:16.765Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b2f34e94869d69d99379de6ad81bf03b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>0G4b1Qp6KP2WFvKryfB3xLAhgmuvIP5gf+EIf7gs3Mw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>m4NpoGKGGfUU92X4Niqs8VWz/nsTni805pWCssvL+ixkNqfPzCb9Twn3AOPT4oypg28Tbp8Togj56NrhFJLX99n937XhFHw/GljKMPPjIbtP1SsxLMhpZsfW8McwJgwCiNmpDyV8Exg6vnIqwOS6mJ/GUPFtO50MUj1P0l94GWjLjv69hYM7N+r2HcPDhClwYwb62n18aAtlvIT+OfOK3JhVzYAuQkJT8M83ObjwMGGtxAN9V2IUDiPIxTxsKG8xjNlqPwsHOiyp3ZpKvf/aBguJtlcjvj8a8/b3HWc0J/jlz4NkqxYk/BU8T4jC+57mbzy2C87mQAeXHff+fbAgFg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a31fa808f387c07ce0265d2e1b7c084e"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f11fb4b29118f0a01c24b173dc943be3"
                    Recipient="https://iam.eu-de.otc.t-systems.com" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIHeDCCBWCgAwIBAgIJAPRelfvZJrG9MA0GCSqGSIb3DQEBCwUAMIHXMQswCQYDVQQGEwJERTEP
MA0GA1UECBMGSGVzc2VuMRowGAYDVQQHExFGcmFua2Z1cnQgYW0gTWFpbjElMCMGA1UEChMcVC1T
eXN0ZW1zIEludGVybmF0aW9uYWwgR21iSDEUMBIGA1UECxMLSVQgRGl2aXNpb24xJDAiBgNVBAMT
G2lhbS5ldS1kZS5vdGMudC1zeXN0ZW1zLmNvbTE4MDYGCSqGSIb3DQEJARYpRk1CLlRTLUlUU0gt
Q1NTLURQUy1PVEMtT1BTQHQtc3lzdGVtcy5jb20wHhcNMTgwMzI4MTUxNDA4WhcNMjgwMzI1MTUx
NDA4WjCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0
IGFtIE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsT
C0lUIERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2Bgkq
hkiG9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tMIICIjAN
BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAv2W7Hr/Ro63zmZVclhlMvakO1nYWAe6CFDg2hYOH
IxkC/DG8LsKbnqy3Rv8AoH5CgRwmT/HYKeJu+KxrpECJXGIjXirUzHrL5w0Hys0O6SJYzztRGoQA
eFfl3x1NNUxVGkWbuK3/o9vm3idoMqVY4HFU24h/6VbSVBru1lsfubmIGdkf+9R844JbZx1R1OuX
xQ60ZhTAmR6R5d1E6tprM8rAqBOC2l1o4azQyDtmxM8NEBjKcZebNleHOB3iVPiiG0ens6z39y7e
SyiXwWcsw8TlwcQiumYPnFT2lzrJAC93hEjNGd6sj6QVvPCJRu/Ya+AWfcm6JtBZRK9ZfBz81wjv
BnHH2u8j1GyZMdE5dvN4PC8bgX0HxvnbhnAU0DASzziyS9Ni/gMgWvJsmnmNVLyYMxRmL8L0JtWk
rz7aNSskufk92Cv/R4KtWsfdkYtNG5/lV1BNzraBgnnXX1gH7ddrL/Ng2aNRFd+LtsI/BjUBpg7r
Ebym+pJuri2PBj8hhjLKbhPuurybQLVtmYxCcJUo6ZG4X3cpxl/e8v+vviapn1OY9zaFLAc+fccX
1GFrLYv9aQKGDQFRMl2uV9nP7UpakBCgZ/r7ljvfhlnsGkLPZBokM9Iz3iUFMGj2gPD1m+C7QaiS
OwJnkTk3cnhZV6It0XdFIaFgIi9V4XMnYEMCAwEAAaOCAUMwggE/MB0GA1UdDgQWBBSg4Skug1x8
SOG2QdBaHAN2DDs7zDCCAQ4GA1UdIwSCAQUwggEBgBSg4Skug1x8SOG2QdBaHAN2DDs7zKGB3aSB
2jCB1zELMAkGA1UEBhMCREUxDzANBgNVBAgTBkhlc3NlbjEaMBgGA1UEBxMRRnJhbmtmdXJ0IGFt
IE1haW4xJTAjBgNVBAoTHFQtU3lzdGVtcyBJbnRlcm5hdGlvbmFsIEdtYkgxFDASBgNVBAsTC0lU
IERpdmlzaW9uMSQwIgYDVQQDExtpYW0uZXUtZGUub3RjLnQtc3lzdGVtcy5jb20xODA2BgkqhkiG
9w0BCQEWKUZNQi5UUy1JVFNILUNTUy1EUFMtT1RDLU9QU0B0LXN5c3RlbXMuY29tggkA9F6V+9km
sb0wDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAFEH+TQEgwXkOp1dymChsQzX3mm32
nBbQwIuTKi3jy08EjRQktZCOhjpmuVc/QQUCQdgAZgWVboAwTspfgwQwVcuIpCkwuyc7tt+ZzRSk
ybvOccw4ivz1suevGZZfYt+B7UIB3drlMKLoJWMTiBZnL6c4iaqubep56BZBOH6IP2KaMRd4EqIo
kXLHgaIyhqz51WQmTJArhYvAvWlktbAW6GXev3mW5gxW7LAGygQNCo2JkXSegGPk2jLO48JXNuCB
lGGf2O5TkhD+Qw/buIRrcKWnolBCs0ITalkNFt0RftLYmyR0JMotaBRHHmtdqSWOwMT1j7SvyzhH
yszzRU4xwTUFveODkWYS3Uh9PZs+3yDcfqC1x1yRbhKe7onZt5nXh/wY2762Pv6NkBQfQaFaE8CI
OwRu6WjaFfRntVXHpvV+7tO6Dr3pfRNEZzJM5+m/Edh+JrUdhyy7SxuYiCpt5xiPvM9rMt5AkXCn
P8AQVxq3O/1Gsdr9iblHAkJrg7Lbd8bPyzE9nRW3zqp++BxYilxIIVP9xnaaj/jjyuAPfeet30wm
zeOe/MGqxEwP/JSwJ9rZI//FaG3gAX0UHO6Eo+R0/Yv3JcyAo6j/RN/6YcSTQD1MrPGZiNTz/Muo
nczuEbZF255Cs5PfVJJhTPW730xQmhZnlbta0nyBO9LA3Fs=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>CGzM9nOH9OHKk78SigJsES7hic8WAZqnVyHEaohi5MsJN8hjhtaAsJwadAHUfirvNbjW/xqnE9ICKwEkdSdvdkPXNOlRHLbn7Njou82tYqm+awOVZhlmpZTgkN2dU1GE5nH2n+YlCRJuAFIyTHAAuapGXbpsbTxhmuOx2jj6RBXSr0xGl94zIkxh+kIIlOSAcKLNNC6OO07gUNkZ8Dyrx8Y3IkuCo7T5eCnQMQVVFVa3fugqAgt9rDX3kYJYFTX3FGvgQGg0s3FilOu9cgQrqoHwlEgC1AJUl6DKksBDKkBMayyinOe+Jua+Cuj6wuRpReFKqKD6ochMfnTQZrXhFo3oXYd5FyeiWuyTPHQxcLwT9u93qJGOvcGLrZv50YIRBU89KjwbAkyLw8Kg7d5tWxENe4q1YE3b5KcE/oa8U+hZvOqIlrHvhcf7uJXcHsC0GSnsaCLY3+RqwI07J5RB4JQBxpP4uxUK2nAutA9CBoi6+WJSJWNW5MciOhOkvD4UWp3i8V6A01npSbU0d5kOagibHcPIazs0DUvX2dse8QSxt+r5GNF9clNM83lAxJcbyvKrmLX7d3ZpFaUgVMriKTlkQSrAWM8CQgrQ2VQhTatl/0S7kzXbz9U33zC7XRUJYXl1DJ/CiXNbJShSb8NezuhwUNeZSNxVBxTymaTGRBA=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>5SGRWxIHBXnvbnsQr7cvn85WlyCDb2jYg7OUlC24zQWpRz0hZGQg306RL8/qn47qASP3g9WuPEuPe2dK78h2dwM6pe5mgDzyqv2laTLhnc917FDIwiJB9OfQVFKzuKHwDYZyEeTkHFFLivkwhRUKm0SMNZHBnJYkOivYWGp6TDjTNzvCB2S/lopJ+QD6IyzPD5oaT0z0Y2bzCRCml+dkJgfFphA7hGWMP/A6iyf+tn5V9+fe5bwBobFffxG1cQpwqlZc9fXGaoKFv3nuyEI5p3x+EWWD7B1NZKChSHv4V3wVhiP0Hvvh/ESbsJir26cNJtg2ZBL5vEk6q1oi5147Jo5TFKkoqiFojyqOXPC7cDrlEcGBxRCR8h91KqkkDFM59Wc4ISoCjW6qXIe1tNy+Bru7rjmFnuZkqhNWG2JUnJ5YvOOMFefPmEb/pnAeoEBtJ9ObNCi0ETXKgn4VWRlgP2GvK++/xmf5QyyfgHHQywsXCEWGpXoOde3qPJukCE3Z2s15h/Lq2FM2Z8WTu9OWzLxB5ikpUxmYxudr0TW2F+8RuMv1S3Hgqg47B7IzjVDhEnqpqtMjsnLpJQ0pT4LYX3NCwYb/YhCEQhzA9BL4qTjOw5aNfQ2Uv1JcyjUpyJJXhVank0/YyerfYz8tT6OlCKO1LQ3XQYDkLklVv5RMWV2216ZoiJa3NRst5VdQz4OQlMXcKFPfB8lFVNF+eehSixDWqVEbVI+MOuAax4KwlF5H4TX006zxp7BO6P3mklRegSh2V2REtY1DB71/wRlWqajTLs05LJkDG+xEeSPY/VONqLoa42U6jicFWUE4MAIdDlFrtnYK8SkXDr+wTL1eLJJ1Q14zwEiuR8jn2buZUYXJH9m28t66uB3zA0mHxnBkHI/D5f34C/xnSWP4Gf8eLXfZh9qphOSVR6TGlBUbmLNkgDKLML02F6sqkAghkkUE+V1Mpdvgm30SGBLtTi1/WJq80aN/dEVsQ1mmEDCugCnybka6XM5rv7OvOadV8Tbo6WFrtk+hEUvXtRdBf/TVWx1mAJgcWcK6XM1PaB1poBW8OCzrbTE/QerSslEF1KWWv31O9LqsTAAhF0/lOe6bbafPJ30ZpxeSHQXOPJQk4+VcgAFAguM7hb9FCO4mikpbkJVqOLKdmCMV8En/FZja7eOd8FeSgfRrWyaPRWnbdGLrRmOuU/jpciclHx2+Y0gLzDrtCGQ9DD5MPezuchatQfGsSMt99elSCyPbd3s6t+2gtcODLVcq8LEuXzSSFElapDReVYn4jvxjCY2yn1DCH1RSXNS743OJiOLRCWDPGj0/1Kg7ur4scoxoyCo80wh2cIpyupP+4KEgy357doCpIEyBl+9B7yD7etkSj6evZhrscjZnWnfL59lfThDLXb2vr8OX7K+NPXeDlODIAaJpuGjrYBwHjzipYIcskqPkbASp1iCCOjksXQwZ5E77ssR4V/oF5IWdTlIwoL6xDFiRoNHd0m314+XKSjYUo59viUpnHB4vgQDd8OSUT3w1hsZqUB8jSiA8xw+9glfNgGtKlE/ZAGZRf5t0XjqeXQP0pbTvFUOchg1jrpwJb6gZ1PFYrgDNRFmawNB/2S70JRr4vFvzFGYscMB0Sl0iv4RFGZ3K881telqR4y+LriJgHokMNp65UEkiT6Buy8IsWfGOAYKDv4ueDUJ+Wkq6NcVUWkKRrfs8BgrMA/R0WRaPO4FMT7daGVYZFaLHLIQXt29cUYU7DgYkad+HkVwgV4+8/+gLmrM5l/RgdXBQPKjNh1u8gw6oaeWpqCcY4mpFocIyExGPEs5vO1V6Cqsdiy9JDjAMVOQeBmRjEakDoKJheBDuXqFYwuScphLsgFwAS0WJn2aYNdngvzYSSy87wbQsV8fEmm5cjqH6Cr8LQGQoC9AmTEeX20kDjzDO342wOq21aAwDj6CVU2Wp+vT68b4JkP8qfaw4n+sYhflzeC3mU1dbteo9hu6Edktx6oHq4bgGBDfslmvScUdDEts+wa/qBnhVAV/fOYxID3vI2p8WzZa3jZOEwvkN7bXSitssQLcoBaGQRiGCVkEn/S5sPFFBVCqd95AX0UYDJGmv3GAqBnRsrBKn7zLGewJbMOET2pYE5rSeDZrc5TvFtRiVlkHWJ2OdPSmaP5GABzZRu3+ZSRVa3UJ/TbdHfZyUuY/mCt/X+ZltPhRdY1EZ0EhJER8FdFXeCG8b1dgvf7mV1Bm44S6j2F2liwFEXq/8aS21tTsAeyMfhinbqO0y8K6q3twZ5V0DSgPJUNm3GKPgkInlDDjWMHZYnuOsstKJtP/B0hteXDY+r2DCn1Z7b8usxB5gs47t+fNsEoeDklCZkWDA4BHjjiExMJzwm3U2OT8Jd48yt6HxWluTjh+8aaCeK6EnzxGywSlIsBavg7IxxlBW3Mqv8zHWpJOizHjjCWyxG8fWmGewfh+L5SWYOlk5cBkdmLMrmAHWPY/AaqQhHW4fXCiX9Wu9HvxayE93kuqv0MUFbCQc/hqQIUA6fsSTrFEgze+QE0N7fRR7PzpUsBVmusyCX5snr+cYZhotN1V4qFxsY9NPblJlR9ngQII4+Kg3BA1yHS8YR1PUll5H6SlPCILV3pkz3sfMspwWFo3FDj+P9ZQ9+Qkm/wjdVyeae8E04QrPZGRz13EBvyDPF6J9MaCRQC3B9WuUnAl4YhICbUo3DiHPKEFB1vsm0WGga3zBnVJc2z0CN4DZ8/50Fci3/eIgDlI/Y25UE8pQZwL2FEQyVXaNyMN+xYkcOJetjA64yr6XRaBeVnaiJVuU/xfmqcEdrWaKLt92X2hhuqIe3FtnYPEvGAYXul88ppNzYzw1mf3o861sJKToqlUOEJ93zW6ET+IWBJW0S7gs2JdJdqJoM9adPoDSFJxcM8jaRiMITh9MocL1y7rPVu5p59Fz7g++J6Gue9UJ8XT5iA8UU4uY1Y73+GGhh1KmxohPB640pFw2MXaQqiTnRt7MzX/FvhYDB3KAaeERFmzq8jZlQT6DhCpcDWkzsZpmtd//2DGQNfRDKsdQFGNp8jZO69ANGNAemd3S6Qnxp0QGSayORPz2kMou7h71Fp818oINlYfLB34/tQg562LhU2nu0d+1qlj4AeEsIXrfVeh0c0RgGH8OR4cXKm6XdWjWzJc6zz48UPSZ7B2OrB3aAvwQae3Mcd35PXeOw3YCTXjPETLAeVw4xd9MfLbsgpCjT6+cVZd1zbtZoDI8aLW3cfoA6Ayta7/5DUfBoXFRoGlNUNXxW0AeJS3rionw6lpEsP6+9ECo4y1wfvl1yqyElWTEPah6cPtxZLOv2KYzgMBA6JuTR/F+H2HpwU7pjHEjO2mC0+HkiDtr9sligCUzaNtdf/EHpDxUtW79dFAQVIFqCb0VvnBWJbNHj+vD+2RT0UI8FGxdXQQaduVT/68AM7Tj1EMI/+xi/mSoY5EKPYLDQ3rhzUYzjGAy1l1nUP2iQavAAb4agVo+Ns08qdhWc0pCWYA3x2bGpFlAZY3YHdtMXZbVd/dVUBCXGeBoRXnF68Gv8fLu3CONXBSPL13urFJDTEohZuDimkLczaX4nfwC1aKJxXZ1aplGSKFiqYajT0YcKBqJ+w31eb4/j8QFoi0XemwI51ZczvsbkIwNit+WbI9B95Y7Cg5WI6h0ji0K85qVWX+Pau6XH4N3lFq+2IjhWpvRzZnBLOj4m1PCLzNac8r2+3LH7Gxq4KMlN00uxz0QNcpnsRK7/ukan9dev0gbD0uiMDdMsWHW2CBtwf4DGdaFX1eWTSS6uOVJ+jgWybjyWR3sp2WNfF4bHQBGnGq4SNG+g9tihZgWI24hpOe9IVLDxZ8bRWA8lAhrDzsMw+GnC/8irURj/H/b3tCPTHZXHVUSgyZV0Dr3DmFum2uIkMN/MPMay0WBjQxzr8zhxrUQ3IXt6oaGnT+ov66dWBsS8unxgYU9ChVgy1tIX5Mowx37iVQ5YMNEvVsRuh0rjmbMNbUzLJ4M1ulb75JJi4REuAxvvNL1vVjl519Q6g6O06wdLX8aHgYkfpWp1smfq1oRqcDoNCq4ZSNlom1M4fjaJImZgCRt2DW6N6+s3g2z3Y+QGhScjqqse8MBw1EZxAGuM1+S0gtGmaKz8CdkvLiLRV1cTS3v3UJeOkB+0eX2I3owpSGYeMKRMgMHmU9W9qyvo9SIpepeLSfiCKGM8jSRXOvQ7vlZPBiyUgmo5k91PN2d/RS8JEX6alLsre6+7TO8ovzuXjqjHSPzKLDaXKu++Nhoca5DxjZXTgT5wIi/OaHZSiclJXc0cOoXgTGn9L3UFMQs4ap4RfetN6cm2P9hUvMeHuNEUx2Qgb68thGb8OCr1ZvyTlt0VY2ISr+0Ei0S2ihw195FIIzh8TgXkIogubKjHMZD0iln/j5FF/zTJMna59ulVv5rKwAyUX/qjTmSOeS7WPf2v/cuOm0v8sJPeqqjAyZMjgsaouyICXzTkcn3WeHFj95u53qOrA5r8aDbKbcczaXJYWRhtdG2oC+BGwccmyfvMR0j4FETWbWyUi3eBKSU+cY1me8Hb8sgDyXlnk46AJ2UMuIghrxCO8hv8tqimIzhq9XGx7WCxVF5Eqy0C9dtNZ2gkwT3z42GX1eXOqituTZ3jOvfP4AkR4JbixTWUPQra6PuuzaizUJIulLrkLjRqqkUQs9JWMSo88JEGR4OkecATZQWzGDshqAO8+C63Zf3Yolv+EvxKq54KqOUyci2aJEGAxZU0cG5afgpI0bf3HSltSppJOFctgyZ1S24l8ongPbU7OdS2bksBIDrg2zxa3AcFA3vS8GD3fsSW8qwrGeI09kx8GjvNEyJRt5JGy10pvkKZy7QGpGXmn4VMSQwsTgLdVxcKfaOvZP5Qj8rNW2KDGpge0Vs6CU40+BfgupVBxhzmn13xqmqys9felV/tNlQ9p9rIDzsxru20aYS3edTNkxLMwLih1BeJfvKSwhLK/AVWe+rH5N+8j6+BBY9vIWOu0bxkgKbATCyDQoc1NJJPE2ZFRmpuLW+uBwHhjPC5V4tGjXyYTqy9Z/8eOggLjzdHZMl2Wp6S7ofsbE0njrX2iYvJ14b9YWa2vvUk3T0oNKdMR1QmmwrlnV64yibK+6E1vP1qifGc6jHXotbcrZnXwhSKyqFJRmOZsgKLdnP46iZsNeJXK+SisJbfD7RzXEuqDwW1ca5kP3oGET035fHkuti4DoGXR5lfbXDvHkBTyrM3aPOgLeeGdmT5MpO37OWdONzB7o8x4G41wD9bykaUtV5LwrcDiYzal3MIj3yrVylV7gTTjtXmsGOBFO8FrgTG49jsPJq3mfFtj/uA5LzJ1NKINIfJHzdKg2OvRgrN7pf6ZLUzsujKQx0wc7xlzB7Aq5FXDmF0eLr44zA/mn6Ccp2LtxqY5gvzR8/eWcEEM5CPJiFEmxP5vzcQT8iBPgcyHzpFo7vi9bztaCETdNxZAI3aCcPdtpy1jRBV0vvz5eSZJYGgmoF9FWgiy8B+R60YR/UcqjK0dEQQ2vCHwyqdcb3f5Q758jYP+IHVIP3Gu2fWDARrcoefKoQem16TN0y51ZqvToJ2BmEIoCt8upN4y5VJ9LFZiRcxugJswWUT+nOJxWlcvuTx2WhuHeYHv8WlDRmbY8Z0N/5nEyuT830T0fwTsG5/VRymBhDaI5Dk57raUvgxwPL26mS6MD2pwgeT1cCbiZZPpWGNJMOgfkfZRcnWucphlO3uh+Jls1mHA6uN2fvWmLu2ye9n4ySdKdshO9qppXva8rfG5ZKRF82tv29U3Y+scCknTsUgffVaxXgfm3a6oGkP+9lbpbhk8N7QxUpqeelIA4l6ZjatAcdo4KbUmcyovdaZW2OiBgIpWw6HcDzrxt6QZoIWgdFASUTEd8ldjGPR3keq+rVi4+MF8cGsOQoqfOZNEWsUytKHPR0QM1DabddbVoRx6V/JUakJmmqQInYaNS701ICUL88LoIDdGVGI5I/bsh8ijJsbsSNdMP/FuljtIlGp1F/wHB9jQPVsqsPY7ClrkICCy3sMNYYtc4s0LhLge/ZYkqZi/lzareMzK4kOgX4F4xUP8KV/15kYJt5te7ltLcXwTAYBkc4ZCcRLTmu6XU3jPQFBnhiyeM3xbcM2LNT4XIdZLdKyEfY6mYPc60h8KHa2VRuX5k5KOZVE2RbyQd/rXx9G/d5/X1A/l5AYCszUyClAixIMQoJ1Woyv+JYXROxgWjq0L4i4iBmyV4upN7Hrma/HI57Azg4G8EcgL7kOJPo72hzoCoILSywO5s7ks6ifJZhtUG60VtNoTbkXsFJxfITxTFrfxYPsxTLuWwsnFWYe85VIHcmhP4+/fDxx/gj9DB3J4PMjXuuRvL/LoKBWvupEP+UoDTYmjenJ7qqiuq6GdmRx+96bm9hBmyR1ZDMZXVYuZJfHwo2sep+EGhNnIv81vNCAXnolwjIrqElyaNa1ygk6lWBJEhE3WGk4nJgi8+kIcvZnZBp6suY84O2iSHAfUx7+E2UT1StlF1jSIDPWQexDFetmtufofj/FNqYGlvA2KgDjVUNjbrcVB21bGVrFrLr/JwZsXnSBpicPZ/ils3olY2Hd2AFChgwSjhZoEL0Z1iPZtlKxN9NhzDQLFktdJTg6krRSL01ExBjjCRTFiRQkz16dhDkiQTzNeE/B1LlxYRs1hhWivBIs5ULb/DFqpZBVOOiz35Kz1TQQyP1ilJc0u69QNs2NXOyrKMh2tv9qHQuB2U53Cf6zE3PyrDWhweQoBfrw48LGAHUSSsEbZSLrWmyLveTHYZEQcEXEGsAX3BbqLX/ZuVhKZ4NvaB/GY3vnh79ltgBBElrK7xxH3kRw/H1Lhm8PaoYYperBAsm3wsM88Eji+sClQK+C5Ji0Iwvm5SeK8/awJUKpeSbmVDjnQRGzB/7X2LPdVvwnXsQlOiqIyr53oqt0Tuc8HjvjR9XziD715667+ZsVPbcV+bEG1dzvwj2AnvxeJZBc5tpQW74gg/4QtqUVDz6n3kAhDyt6tBk7wz5vmt5gR6Hh0ud5JKuSZr7bFjpVI8wE0fiNk074lOqChzz+t04gPcsbzdpxgYoZoL1O8LaE6A8Gpuj5ZW0Uxnk94YEQn5zouw3mpnOZMvHASp2CXiV77HJ5sVAJUNh9IreNSdPx+7sTo/8zyaJma+FQ64ZpfpIEa9+cGeupk7vbTmtrGVpoawnSmNl+KWadKJMqTTlZoeCE1FzKjYoDwd34fZEB2xFEBqYHgFSrlrYxSvZ9Q3+VXBXH8C5Xr0w1e8iL6OijAJ+d0b0tePK/HOrnvWgycFxtMtN6i4YNg0xhLjryj2wJokb6CxOTIfrOL68b/AI2//fMDB3Aie9AtLIo5UP3nDmEvthaM3WM6NLrZkBsYpMC9ff2qUrmXbrffH6J+897sjYu3txdBviRVTv+Wwgx8q/5InCaT5Qf8Iabl/TcwjX+7SpU5IZVCqGpmaTjoQt45RRoPIfTUEisQy+f8MhFQwbcTnvv5YR02gwz9FYYFKVEzddpQNo8p0OaBI/eMif1QRPBnR1YMwsums6YbvPHsM7g/Ybn/SEBQDgdZgc7jbibt2gkpNIyeosAlQO30/rR6Uts7z56ch9ft6OD11cGSFJBhcSqKP5E+vilu111XZYoAVl9aj36uKOw59Aruv2uGSsgRdIcu4rF0NXU0CY1Fvr8O3Enxj/16m5jdxt75bZjxo/DrkLj6xTsviK6kIE7smmoOh2qTZ5vYeHu64rz0i73CDeJFmapkOIWNAa6G6Zt1G2IPkChBF3Kdw42xy97NVfhrlBGygB9oLr/hK7R/AEpn/LAjwZg+jyZkx8vW8RcJIZxo42wpj3zvGq80Kj3ylHVpPLReDeOP4iW08XvgzfueSiohP3uEuh/7PHpjd82bFOAAr32KEkbc49v8UmR060YP+LqLwl0YtQJGrkiYUYN8DKMw55x9yIPuJaHXO27DRqnG1J7BLOzUkziJpvUzfBsRQYS4p5DkDI4AVwKLcWNohwYnzG0wk5swRyjjU7BGnAPI6f7sFAR0hCV7L7h7V4Ev+QWstyLV7TmMsiZmaOTEkFe9ZgEHoSP1WEOZUvpydFTIz+n79ep4SY7sNjcfAy/Fw39okzuk3cyEvq3ObQwzAn3CTbm6/pUHMpkaNG+oCbNOX9Mi30zDI4z4JgFy1zCXcLHmwIxx1/JBBwCa1ydEhv2LnRVus2o1CnBxwwGWHcB/Dk3CyQxpcStOX7t0Li7Q==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-04-17 02:42:16,776 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:42:16,776 - INFO [Shibboleth-Audit.SSO:?] - 20210417T024216Z|urn:mace:shibboleth:2.0:profiles:AuthnRequest|_dc32d078-b350-4ef4-b870-1dc9a62f51e8|https://iam.eu-de.otc.t-systems.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b2f34e94869d69d99379de6ad81bf03b|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxJYtnzEqdFSFBc3QhFsk5WetugYD/U6zMCYuxgXDX6fvEnYcTcjhROkNbeEN51Rbf3H9lqMWS3Uz/MfFGXOrURTmu1TnM/WolWQbuLtLtNDpmUneXtjuaO3omO0UeksmcGXNNsnPM|_4916bc485c32d68cd693aafd842223c5|
2021-04-17 02:43:38,484 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cmVhPWNjYTQ1ZGYxYTRhMTZhY2VjNjUxNzU2MmQ2NjNjN2MzLA==
2021-04-17 02:43:38,484 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-04-17 02:43:38,485 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-04-17 02:43:38,485 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<AuthnRequest
    ID="_26123ee5979cc66fe0615ecc13a13cec5dc000401f755d1961f2fd3c4e02c8cb"
    IssueInstant="2021-04-17T02:43:37Z" Version="2.0" xmlns="urn:oasis:names:tc:SAML:2.0:protocol">
    <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">https://saml.threatpulse.net:8443/saml/saml_realm</Issuer>
</AuthnRequest>

2021-04-17 02:43:38,491 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://saml.threatpulse.net:8443/saml/saml_realm' from origin source
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:43:38,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:43:38,491 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:43:38,492 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:43:38,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:43:38,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint was empty, not required by binding, skipping
2021-04-17 02:43:38,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_26123ee5979cc66fe0615ecc13a13cec5dc000401f755d1961f2fd3c4e02c8cb', issue instant '2021-04-17T02:43:37.000Z', entityID 'https://saml.threatpulse.net:8443/saml/saml_realm'
2021-04-17 02:43:38,492 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://saml.threatpulse.net:8443/saml/saml_realm' does not require AuthnRequests to be signed
2021-04-17 02:43:38,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://saml.threatpulse.net:8443/saml/saml_realm/bcsamlpost using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:43:38,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:43:38,493 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:43:38,494 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:43:38,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://saml.threatpulse.net:8443/saml/saml_realm
2021-04-17 02:43:38,494 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-04-17 02:43:38,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:43:38.498Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 3d3618608415c59cf976c3352cfa62666ee914793f6204414c27321c737e4a9f
2021-04-17 02:43:38,498 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 3d3618608415c59cf976c3352cfa62666ee914793f6204414c27321c737e4a9f to 2021-04-17T03:43:38.498Z
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: No active authentication results, SSO will not be possible
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:43:38,499 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-04-17 02:43:38,564 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'saml.threatpulse.net'
2021-04-17 02:43:38,565 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-04-17 02:43:38,565 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-04-17 02:45:12,616 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:12,616 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z" IsPassive="false"
            IssueInstant="2021-04-17T02:45:11.953Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eum.otc.icsi.eumetsat.int</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>5iljTmDHM5oXj44nVLdt5uypZ0A=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>a4IVMyB7LnqAc7+0WC6qd3fcZ7FmKdwlXUpvPVUwjsnBRdqa71HxzuuwFE/iHK5p2A32C4XxlEl+258GMF09hA86F123x3vp+JIs8L0MUte/E/JIMjaU4ACdse2tKACnFZQOIs3uvdAOM/8tPFclwoGrFDRfqxJ638nSW6cQGsoGi5tAsbgWyjIk3UH2APCwQyP0f0pu1S0VBnVc0N2GkEMhKjxXCwMxMsqgkc9DmuEP/V3TriCaGbiaSjZs2dVZX9I3xbmQFfQAavetf71ltF1mWZHLwpcXdipHyg8+ue3K6hABroug+gnQeeIBZzkgxo8I9DRkWTluYEiYmGjdog==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:45:12,638 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://iam.eum.otc.icsi.eumetsat.int' from origin source
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:45:12,638 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:45:12,638 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:12,639 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:45:12,639 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z', issue instant '2021-04-17T02:45:11.953Z', entityID 'https://iam.eum.otc.icsi.eumetsat.int'
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eum.otc.icsi.eumetsat.int' does not require AuthnRequests to be signed
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eum.otc.icsi.eumetsat.int, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eum.otc.icsi.eumetsat.int' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:45:12,641 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:45:12,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-04-17 02:45:12,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-04-17 02:45:12,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:45:12,641 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 18832203621667587607088021436286230684931968168257167872795230405254894215980850067536154909197830631021596563357169939025141288325792903445779402655913743610932954428709105184576245804679342024583286736032463367943204530450706526245046609407626399621183218840286753119152458925964376259244052441725228698672336877726814951605086057990054643083405775848564675707375615835217627789844087955313900665870871521060397374272764412191674530995951115898094251299426642547742873614018298714848246841146385338889437961538915294437507286875445216218692006599199269372958584594878711118692775154075888222346153725342565601745161
  public exponent: 65537
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
2021-04-17 02:45:12,642 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:45:12,642 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:45:12,644 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:45:12,644 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:45:12,644 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:45:12,645 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:45:12,645 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:45:12,645 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:45:12,645 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:45:12,645 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:45:12,646 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:12,646 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-04-17 02:45:12,646 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:45:12,646 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:45:12,646 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:45:12,670 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:45:12,670 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:45:12,670 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:45:12,671 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:45:12.671Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:45:12,671 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:45:12,674 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:45:12,674 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:45:12,675 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1065289548::identifier=rick, context=org.apache.velocity.VelocityContext@6aa15400]
2021-04-17 02:45:12,689 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1065289548::identifier=rick, context=org.apache.velocity.VelocityContext@6aa15400]
2021-04-17 02:45:12,692 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:45:12,692 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 0531f3c8119acd60abce16d0e94e7b2911f36904241a625407ada9b82a9f4d8e for principal rick
2021-04-17 02:45:12,693 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 0531f3c8119acd60abce16d0e94e7b2911f36904241a625407ada9b82a9f4d8e
2021-04-17 02:45:12,694 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:45:12,695 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:45:12,696 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:45:12,696 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:45:12,697 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:45:12,698 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:45:12,698 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c05f28dfdcb566f86d7367797005274d
2021-04-17 02:45:12,698 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c05f28dfdcb566f86d7367797005274d to Response _79b459db63ad7fd61bd72d4505531771
2021-04-17 02:45:12,698 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c05f28dfdcb566f86d7367797005274d
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:45:12,699 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx22aTF26MIrDFo5fOYKAGgP+YJOeO137fVdzkzsjwbpj/Jal/o9dGnQgPxttRqDqR3OESqYPYL5wpX8SYXmzkVPeTkfmFP1Bl0Pawzq56287aGBWcGHQYjFTZ5voJvqJC5k55UHvI with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c05f28dfdcb566f86d7367797005274d
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c05f28dfdcb566f86d7367797005274d did not already contain Conditions, one was added
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:50:12.696Z, to Assertion _c05f28dfdcb566f86d7367797005274d
2021-04-17 02:45:12,730 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c05f28dfdcb566f86d7367797005274d already contained Conditions, nothing was done
2021-04-17 02:45:12,731 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:45:12,731 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c05f28dfdcb566f86d7367797005274d already contained Conditions, nothing was done
2021-04-17 02:45:12,731 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:45:12,731 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eum.otc.icsi.eumetsat.int as an Audience of the AudienceRestriction
2021-04-17 02:45:12,731 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c05f28dfdcb566f86d7367797005274d
2021-04-17 02:45:12,732 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _c05f28dfdcb566f86d7367797005274d did not already contain Advice, one was added
2021-04-17 02:45:12,732 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eum.otc.icsi.eumetsat.int to existing session 0531f3c8119acd60abce16d0e94e7b2911f36904241a625407ada9b82a9f4d8e
2021-04-17 02:45:12,732 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eum.otc.icsi.eumetsat.int in session 0531f3c8119acd60abce16d0e94e7b2911f36904241a625407ada9b82a9f4d8e
2021-04-17 02:45:12,732 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:45:12,733 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eum.otc.icsi.eumetsat.int and key AAdzZWNyZXQx22aTF26MIrDFo5fOYKAGgP+YJOeO137fVdzkzsjwbpj/Jal/o9dGnQgPxttRqDqR3OESqYPYL5wpX8SYXmzkVPeTkfmFP1Bl0Pawzq56287aGBWcGHQYjFTZ5voJvqJC5k55UHvI
2021-04-17 02:45:12,733 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:45:12,734 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:45:12,734 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c05f28dfdcb566f86d7367797005274d"
2021-04-17 02:45:12,734 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c05f28dfdcb566f86d7367797005274d and Element was [saml2:Assertion: null]
2021-04-17 02:45:12,734 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c05f28dfdcb566f86d7367797005274d"
2021-04-17 02:45:12,734 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c05f28dfdcb566f86d7367797005274d and Element was [saml2:Assertion: null]
2021-04-17 02:45:12,754 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_79b459db63ad7fd61bd72d4505531771"
    InResponseTo="_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
    IssueInstant="2021-04-17T02:45:12.696Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c05f28dfdcb566f86d7367797005274d"
        IssueInstant="2021-04-17T02:45:12.696Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_c05f28dfdcb566f86d7367797005274d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>5ZYR9trh/onfdsnNZA7ZzVEchw5TkV0WLeXI3IS8GsE=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Re0anmmQvkyxm6Ky0h4xLrI1PMpeQPsF1hQQt8805z4npR9oBOBcqBBqMeLkyvMRY7qhGL95rQWpLb1bfDQsp6lGOZinTXbaCPalUQg0aJaZeUR7XLvMeFfO71ITLGbvbCSXqqKuh4H8PcAJu/YESB3N/3wjkow1dvAigK7Sh4A+MaTMHxmXWM6NPKTOoj656THRkQxc786Wq2bdJJd6k8+2Ea/VOJN0wCbntI+//uPS4y1wiRqCR0vMBKUG2oEAlsyZ+RuZxoHywI/dv4xJdDbagIxJPkXK8gxMP6XMDCu8XLkX496ObkrgiK8bJu/N0E6jYmyf37pCyiun/NqEzQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx22aTF26MIrDFo5fOYKAGgP+YJOeO137fVdzkzsjwbpj/Jal/o9dGnQgPxttRqDqR3OESqYPYL5wpX8SYXmzkVPeTkfmFP1Bl0Pawzq56287aGBWcGHQYjFTZ5voJvqJC5k55UHvI</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
                    NotOnOrAfter="2021-04-17T02:50:12.730Z" Recipient="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:45:12.696Z" NotOnOrAfter="2021-04-17T02:50:12.696Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eum.otc.icsi.eumetsat.int</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">llIJUlfSiGtw5ZZww4kTOcJyDF7tkkpQY5szafKyRQc=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:45:12.692Z" SessionIndex="_91f248d112475cc725bd8dd940de491c">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:45:12,757 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:12,757 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:12,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_79b459db63ad7fd61bd72d4505531771"
2021-04-17 02:45:12,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _79b459db63ad7fd61bd72d4505531771 and Element was [saml2p:Response: null]
2021-04-17 02:45:12,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_79b459db63ad7fd61bd72d4505531771"
2021-04-17 02:45:12,757 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _79b459db63ad7fd61bd72d4505531771 and Element was [saml2p:Response: null]
2021-04-17 02:45:12,760 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:45:12,762 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">llIJUlfSiGtw5ZZww4kTOcJyDF7tkkpQY5szafKyRQc=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_79b459db63ad7fd61bd72d4505531771"
            InResponseTo="_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z"
            IssueInstant="2021-04-17T02:45:12.696Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_79b459db63ad7fd61bd72d4505531771">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>mwfJEjCBo21lPBheXM2gp912TmDAdCtXEAB6t0sWJbE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>KjfgYW8ShrELmnmJMzOzJfcju6xK7TS+30kUB/oXEY/2h+fIpCVfzUCqU96B3DibiLGpHD09q0a5LLBUFOIIs5fDEYRQsQB2oyf98YplyXTIgdBGn6B59ZY8ghEJkCAxUuXebmJ04lxU9qKF8uZXiHzKY8B4QMyvNhuX9XlVKiltBrRvYEwL7GZ5mNzztItwgtnyaoDZnM1xchluFf+rpj14FHRfy8OBUPQR18AQzEEbT2sG08EBhDtZjmV317s/pu6A2bs8s2sHT5c464ACz5PeREbKsV03r6LvVOvU48Wu/zMC5qSB7uvsgH6ljUISjEAlcSDCH3yzfbzT8RJpEA==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_7b9dbe8582a5724e52ba343db704426a"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_6db04e1bedb58d3046c1f4d3edd177ae"
                            Recipient="https://iam.eum.otc.icsi.eumetsat.int" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>C7cjhwmInXwp6hAvz+gtQgrIFSJDLBF/F6L8y+y2wgv7KVK1Mr0JiuI8PQOytLNiS3oXWdVIehmN92RX9vYjCUEHGTDA+9Ft3F56uyCvrLY9gcyYlACJOiW9OBAkYK4xWU+MYusIWds+oQJmIuN7vNLEIGIHnHCYn9cegKMxP1ofUhmBMmCsXnlbTojXCqVzua5Vdd+mpD8Q1PyVPb0ed/ZRS7P6MDauKFXt9fy+ZaZmrZeEu0skHqUNwDtT63kif8nH3DSQYKlPUoIsFWh8NHe2BDqttMjmixyCaN/yRXKyGV/3BrKspOQGwz+AcB7Gr0GMXtxCwgOWbNG/YiceaQ==</xenc:CipherValue>
                            </xenc:CipherData>
                        </xenc:EncryptedKey>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>FzRPjJ2AJkMrAbUG4GM94RlnuFbXXM9qtB51ydyZ3RHZL/GXG6nYI3+OipDsdA3bH/k1P5ia4BORXCHfV0EhX05epD1Fx+0Z73nS6EMR0mIEwJgQRFEYEzU5h/8Ed+Wqkl5kw1aJULavC5NSz1Cc/hyJ8C1qf2FazUhdwXaMJO9ZXzfwXKDyW8p9FAlVSe3YCv0wByvnP31nlrEGXCkCHqO+vkUOdXJ2uOGrBBdJ2iDPOTSlFff2XwZJZAclWCYg0Ybpeoarb2+6aZlGygIsgstY+MU3/05B2K+hlz6ezbgWSwocr3p+TqcKI50qq0hws2U992ooAKXO/BdYraMdn90n5/6OVyvzYXPlLmwBRcJtNTHt9B0zqeMJsLgIPDg/3A6Ex87+NymlswlEZXHBxuq3LzJg5pE/hkDBFpj/7rN/TnbY0YGXQjU8ySpsdGYKVhJ8XPkl6HX9cW6lOW4A9RXpf0TQsnx1VmvNDjpIO8fNduyVZdLXxywizRlTjrJ+IILT1V46g5WlyN/a93f02N4Bj1vfOQMOYhT/H115+NVrhJXlNzhC0rR8xnA5nc0L5BtW8j/BOp3g0lXv1Xo3mSeLg9J6bzzg0yupafXEgl3I78MspwyePlidp5y6AC8/dKPcvVJU9pGQzzynXIPjCgQ8u3q5YRKBvkQ8gI6tNo72HSFO8i9cLxFeLMgbe4njv7hTzwavzmyxHoFz+gGaFxvQJFK8WIdhdaNX1X+jCqRIN/nJtv7aOSBKsgkuFtgha2Rg0bBEq6E+5ksZkUIezW9sp2H47GMQaYL2aqWCe6yHewA4zDatuwMPYHGV8owizt6XopSCwiVly4sEYsKi92d/X4+ZLPCoUa2H0+uyDBrsBSFgIGTQ9EJAEdgFWyYowgM1ZDYr78GnkPGsT6PYkD1Yr58TZE7vex80VYYXEx3lClxslyDw6eYGGTH8zfo2or/kN0NTobhSGZps7W2gXyyMiOsE638/dsK/+UTuHv3qLOQe3cUyZ91T48aK+1aCi7jegP4m973KmsuwBYqblmSlNPjcByh8SYzScvZi9PgBVZTf7shbJHSw6aBkRoK2dV62joszd4le33QohWuCG4GU5TqYo5jjw+mQy1tjqpIxXxx4G6yCCNGdJkwdC6fIXV/0YRa1rRnb+yk0gzqy2oFCgR7BFZz+T1yxz5fJehDtqiD9v4M9i2Twf1RywlAp/sLR6+yUOVGTYlYIq1H6PBdplPVXBnvn+TpSRh1aDkxJ7YdLi/72SLYaEvtFJA8d2tGpIOLaZWrFEMwlxujbcvqx6OlQJYE8MDP31ADj2Yp1CDavmzkx9O+vYbSp6UJKqksNBZU0Z/Xe/coM1lV/QqwP/rIcvU6M86gMp6GTqTrJ24AzJJbEQVxP0P1OnlpFbsf6pu9XQq8iv+hTsphzgpwJU6+7brll61kV2NUdGf8DivsybNFJXPY0dDyr8eQwYA1iNFXcmsFr59v+tFjPccFXPXoNKZf0nhDY1G641EslpR4seoia9MCPinZ93p9nhSf06JRaPlYJnFK4uetnTF0nSWIKPv79KiFR7/onMBF4NJurMNd9BWj6nxVFe8LB4cstZWq0S6xloC1FCuD8wNMbisB8is7JfNd6i+AjTDm20Gqg3YakwpUpG8+luy10Dis43+WqnzgxDcat8xbwTNC8yqxtPc6a9SpLUMM8Tc/Z31JcayCcJGbBbi4AmV6GA05xAVVs6Gq4nc4H3wFNOPk1ANWKi+jz/IChKJCI6As03rLccNZMlLX4vLvV7hdK0ad7rVId7dsKzqsNXnIJzenx3ucQf/UZIp3sJv3NIymQZRK65Xd1xD+gJQivnI7HStbm50/mAn2M7Eq4JA08ppEgWkkuPSpkOn0F5OkKVXnsGbxswSD4mfTieraMnljsvjNp99skbyKfp3U7pmeHOGr7giG9CAImalyYYutBMopuVkyt6+M8Qi5IYDoTydV22nvaJsZ2gX1pEORSYIGyT9dHHTdffmEh/oOsHSs1fqRwXn9KI5OFjiVUMpEPk4yZ2aiWLiVPwXRMuJiCsPX3P0q4XVepzV3w0G2xxoOsc2imenGdYZddsD8ctFIJXq28Cgfz+uqZpBeXII5bYpCsxiNLMQpqbKGOMLJ2UK2QEkoNTTBHPROJb7LAK3xTPXV6vql3WxHNl5A+0ggSH8yrrSoIV50YJVjY+lQz/Cg81fe0RBA9jAgrOwsj1o1ZCGo74GkXFdGE5y4flvfpQ9/raO294i9px73xnD4kDnLnorGAmaHx3JmvLtwsaZVPKxlELNirJbc9Fs/+uKMYwOIwzOcFf1Z6fWGBxlk7jGSdgJhxvHHvCrlkLay7pUYqFcGGel/fG9agnfDEpy25bwJBznQdpw/4hJ6LOHIIR9dBRHosHf8jEAYlRwZ3dgHK2mOXbxzTf+YgWFfTG3Gj0LbiNiJ5W09NWsWax+vyyJBGidbKO/TkpRE8Dr/cvWgjgCSBkroj0WwIKryuDJnVSw1sS6iCbPRe3TRdZxvroMdkvk16Qly+R4D2qHKaSVxfOaoLx4qmdPpJGtQ0XhHwivQZLoTIbKYDd+J2cgB9hCXa4r20+x7EtABIwdSzkeh9RSsPKpcdrEmCPcpOH9MG/Qs3i8gyRn0AQcdVBbHKxMdmh3oTojHtUiSxdng6wSApQkxhm+7XxkpYQ4H1nf17UkIRqVruEUHQtZd0uUTOjvuowKt4CTO/YTbWYBlWJg9pUEnKFB3jMwdSD11c4Nu/zI9FRbTn2xt+ILdH6SnhddMTh+2LWtedYNWnjSpDNybfkNcvD1qDpfJBWvBr68ulwkACvBWLh0p5/siIoMcLAQ8aPrVaZ9yjjE85gBLsH6bZCQHpNMh4nxwh0bUIoIEn89Jee7acbGa+sFes0PIUNJKilb8zM7u74X/vs0J50an1lghil1KYpxAFSTrFkd93A9QwRYa1lhDR3teaOwetvtn7aCsIOk4aXjlCOkCJy2/80ohjN4MDmweyOYBWUHXMYhsGxtw56zSlX/DugKwSGa7gwUOgZ9EMLIg9igG5Ury0Cr/DdiccQqVxDFE6dk+E6EQ58mSJgfVgd9dC1FWwUiXG7VzUiSQwClChr1lqaRSmDEUDsPyj6R+S0lO/50YLTiBWQYO3dHjgJGh85FovDQk/+M396N0j944/v9h8oWKWmZ2SSOTr4HIFvUR08T8X30+25X6X2op4NWjdLRjVbDs7I0ATOoOc+/3bPg693fK5F0Y/EUPcGRdOt5iFA6mgpylByNWGy+VoQmsebJnJnnIhlroEuguRdXkB3YRMwpjgdco23OleVP4okqPSz7EEm7ix1HOdUMUA1rDp59zeaVgDWTrTrs8mPklt29MzUYMxYj8vrlPIgREIgqQ7JBLAporFw7f5ehJcDnW9KBhpD1Fvg4I/m51LoUIxxeypLBHO4iIfSyMWQ3VZaHSffhCHfIFX2+USf+nRXOD6IMypZj7U3KUsT/piFfxxyRp5DDb1sOoHMOuGFl8fMif5JIVf9kzwZjiSqjkzQ3/FizAoGwLXos5FNs/mDF9vJN1Cw4LPHqDGJMRLiUH9quJ3hZjJh68EBfRppWkgOjke/qP2em8joVGWEhFmKAcRLshQWfXsmLSE4Pq0snjThnTQUKPgqygfOiWUnhJNymoAF6gQNM9kVcbZOwoHM0nPuMVIdi5ENIu4eie1zZ1bX+FfRDVF2prsXzuktbUa7mCbjD90kx4s0/EwMYt8TbHciE1AklZiQ9fyUW2yrKH3JxS6/sjVUdNS4QFh5yYX9k+k+z/cc71bCCHU4gVScKR2vLGHkAW28DC0MZYCqn+d9iISN82NxgE413uEKOKXF0GB5CIHxUBJTLRvukm1ATN6IhSf5Bz9RGd1twhu0rRAzFZQnIe3ZOTDqfBLVq5knwPodFTmOhRokVssxYs1s5+CsfLvWipacaNEDcbDKhjT/Re1G1MSO7kFrtxMnxjNBf7eRpF7C2AdG2gnP1EZhAKZIVU837zepLCkUG4DW7pcXRx+/RnD/kkFIdKb8vbTIpV7+mmW7QTAzsMoUvuAo5MbIZ2zMRyorfnrQ38LNXMDxfv5gCVH3GMh8ahwxs42RAxkkh/PcIkdBpBRTA4uNCogkiKRuArEOWe/KxrG9miIPjTQJ9meCMFYZkTBMvvzq975CtCHuRM58XWuQ9HtRGRhx034V9Qq4VEhejtpL0YdAinIzYv6Hqax8afyGJpTfYbaSZQ02YeL0cCOuZhGPJm53txOLNNQA6+K4kZIFcxRcYWiY7GW/7cB9KB02QtdGxmWe/ddr+rQ8iooUgrXKURb0VYc6sVdGB2HqDQgXrwZ3xnAwlgb6e0jW+l+0zY6uQyChTDON3pk7e/vzmHYPRq1dXZlf1GrjINUbnHuVzUM+Ibyje7N+8vDpJC6jQaoaGPKUI+98/rpCHdRO7BX/EcXFTiKMbVfp2Rj4vy13wCAGinlK5zZ2oIgz5sNOWL56bofFr473ZpzmLaOdRdxJu538sYyYG1cpcsZtgr7CEqP7ODozlQppSdxXezBvPbhYwlxkuks7GA25gJgxnv2HyIo1VC4qNQj3d9jtOOmMw2hVs6iHR78jLsLissoev5ULLsWkKO+AGRtyKGnp6cZ/5SJz8dtTKLgqTi3v+y5UO0g72eyr2Xdz+S78VMSGFxuzTkyNFQ8s+WQTvDerQY99/4DKJBXYvFAfXrOrY6PnLhL7FQAVAVuNxbm2mRm+sJP8gaf6mHyvmyzaneznWIkuWZt3FDFMFVWE78wWeC0b9C1sBPPn8eXFK47flBLicPdfoyEna1LvzOBrVnqqRhdUBnnvqweLQM4aCftbI9njTwcxXuzD+8nyeqBq7Xm+UPwHBluYi/fr26T0oTd34o4UvxU1BtE88EQa7XAheWHo194nKTJYi0WuhiK4VmyncngM0EOMqSE1pBjjostM1dkxI3ibmPFy2YOSdEDkzmfbTjQKzO1GtJgj2AklWbf+QZnYXTxFa14WxTvNa9D5pFkPz2PR4RQMBgfkLbmviWdlLIX7k8x0vypgQXPFswg2k5vVJYxM3Zz0bBUTzWZvgb6D4TK5cleerrVIFITU/ydLlraNhZRMrVuZzyYIsMETQX3Q7RJkZgHqfofsk+biZ3R7g1LGsE2fC1eAhs4hoC8z5rp8yEtHQxQvAWG9n5+jiBKkZDBOAwMl0IZsWswVP68kwF7yJdGNT/EA3LpBPwY16r28pEeDVJ0Yuko151XwoJ4w/Dt0VPPwuZsRyFc3I4c5IQaWNB5SwiI3bbCwSyJda95Bdzj5XcH8A656+Uj0EeZ1FtKumuZnlObQpxXf8A6wce4hES0+J/DTP6faVz1yVvSf+KyxDLJMzB3Z3hHYGUE3TnpzAFIvc5sq8R/51P3DbYcKvgMOkN12pUOSKPVc3s0V4teuCde6TM6FGNkb63qsQ0LepolYgJPkqP6vtTyJZtyPaZyyXvvQ9gVhK3eKIvrO5GQKZqWSLF1oAPHU3J9iG/kSVfOu6dCUAwAz6QsDW9yxGOC7CT0pZGUn6XLSWpGcwtsVFOAyV85XgFUuFdCxbjJvFJMDSabjv4FqJl5IJBqqdWbwoU9W9KDQqhnlu5a1c8MImwzI2T2qlBR/g24W4kHkIaLiJNxksbKz237PEz05SNwm8X6+Xy+abgIFSZEPm2tovtRoAS3bf0yHw3C4lFxrgYotCXFn36/O0656ajhQYrxJw95gRFnWtm59U8/c/74XslYpO00g8VIkicoA8s6HvBBnqDLrk3nqU9bnTpvjeSEZ7pC7AhNLO07bRTalRSSvBEP3V3gkSd+HfHX0j3qeeoTlSLeSHNiJU/yNCwIFDa3dFQvjaqkyv9XFxMbgiRwuS+k/Dae0Ub2r8O64YD9RgkMBqaRCoxDjDkJi5/At9q0c+ue/NZjm2cxaM86v1FUjzwO/cEQ81C/F438MbFbiU5kjzlmXayeTBL6/MpMbNiYNsO/+MZ8TVd6mImrEW9C2+zV4xaz43meq9L7wK/C/lY62Q+DPGUkDJyfQJniWmbTx9NP77twB+f6c0IJXfOiLrCr3SqWLihvKVF9TS7LLvX2ozg0CfekzEDFxhQ2yEKxgkOa/NEbXw6ECQmbs3yxnCQZ8ZzDNKgxvrNQaAbQz+rxCFoovQN4Dwme/L9+exJghbutUW4Ma+U5H+9jYcFIGomgCTqQjhpIk3eX/NJG3ZHnsegMs5+Ks+15KGzuokyYlG1o0oqkYuFvoNmTKF9SaenzoCkEynN02Glw7x3sT/6X03g5f9+oAuD5ifa8HbmJGmCkxWcvYzAE3LcmQ4D87AVFzPlsdKRDCtrXaiUVE8zmpvNewG4hX7DBJGRXI8pO6YVVqbppO1PXBUasCDYs2rg6WA6WlRCbrObGCgpdGJ6CUhuMU+AHMQbG9K/XnCcqQspATRKFIduzx6e/8UZUAqZkQIzUKkh+ZTS2dtBJQ+pPymzinrl35108rKDkFBxYzI/M48AgrB2atXKA9P7666cYLxjTBNj5RCt+e4qDQJYxUbMXpWQRxrgOQGrrd3grmRN8oGVN1+EjRa982ahCVp0BZg3GLSJB+MmGEsZK6qs1d6B5iXtmczb6xRp6wI+0zmbDLNPfNvr8wV5gXdu4SqVMdakgz7XP/5seb+7k2I8Cr1n4elFw5wiziDxhghMWnMWwpdK8IcqBTVjQWoBL7y1gx0veb70nYlIJ3xP5nkmf70Rl6PcZ05Kg28S0rHBR7t6qLbbSn3ZIXkaKUmyB6atgrjQT4JlcYD2wTTmGQ03JT+2soznK1BIV1CZiqP6uIETR4AISXx71MTn1MkAgTCbYnTXwaMNatSO2M4QybCchxBC62XoncATDe2RBT3WwrWMrhVB+x+RyRKEUNZUZjNDeDAM3/hhrtblx6s2C2EvMlBobt+YP2CcyQCkPyWZdZef45Zb9/dsXrN13hTiAjyozRyV3jKz8tUaa+5evEnoHOqAnNO5KYpmhPqqljlcwl2dYgu0KEdYsIE94a2c4UCWmjHTCIr94d0Rdsb2bDyN+j/6lA8AmIJCwU8a2n61AzmNxKfJfcIa5HtRJGczKGnPQ8A2DhQBDOQXXd/XUatToww6ZlmUCrEKm1MQtYNgS7Hl+v9Of1upKx8lh3g3oAoQ4Ik99dzWfRsu36iJXQRb2x8P+ZvzTyIEPueUrYJBrQNZTWwAmdK7+KwDyKShk7soQ+Bi8Wz5SNda6E+Oz1iHUBEO7GdH4UaSoNQ5zK8U9TzQc4o7exzDE6FTbrrZZW81RuHkjY+Q2gr+0DjsrIYZuAdV4c4qKwHLHixdNZfAeoFY9rzJNaSa5pM3tqubrKH+e4+AKhJumWeTGQLtiNsocnOuiIpBcH782CfA1diDqEln98DAGF+h3EUkIStWVCVaKEOl7uAcEzR+V2cSq5cYYTkYpUBO4PxvXgmCyD2R5aEaqHXa0SDi7HORjd36xhDmr5Tvcn/1m3mIE+goB4tBKXPupmuGRSiMrJHzl5OnANqctARAHLhzrADIlw4AMJyGSMWCxcNDz+yD+ZK7ANINl47WebrjX6w9unSXSWWCWMlL/5QGP+zNFhwXEv4xdmD4d4h2W96XXxvDQmzxg3Jsyrf3aRhBy70UT3LQpve9uns8B9F/+/QXl1Fk5C3c+vJopVf1Exy2agFrGsHTInN7cyv2406zV8poaw8WyOVl3we5IZ9tCbretqJ6xR9LgtyowUNLFFVg0YKGZvg8VkTn9F/1Tnr++I9Kv+NOX4IbzrHByeHfYgGaIZyXhnRynszZU46VO6hDq/N/T72+zeQSl7dPeJN4QYFh/X/UzhJjbzrkYzAlal2uQrnEg5eIVSSV1vf9ejupRYx91BDbjux7y7JvnIOit/ORbYaJbYWl+VK5z3g2lFY/Abb6YcESTAOePx0qnh3N7w8h1D/TQsxtS9KmY2PHKruYtpEbM+TNFdZvXVXCUQ9Wzxe5ymXHkRAK5MyfGZK2tLynlrwEW6fOJC2KHsO1mrpxW39ZQe1wqPaKTJ5p12FW91dXbZ7fqaCNN1WcJc7P6sGh3gnPJ7ll6Lc85DgkS7l9++kic2p0rr2z5Blq9NHdQB/pufe577sfg8/3f8SVJrrsFb/bWbqKudmBpr+O1i7ix1xqQ+j4f8FwKtSvISllEM4PrIrsukpczI6OpKfK8dLzs3AfF/RpH/eqbCREcK+xl+cjo+phf9MFSFuUiINfGqzA1tR+13oleg4jNfE1NtUj88235Fa0qUA5Ii+rw7BJUXjq4FSRzYo/jlcjPprUZS23tZj58TSbsVLgQJaGuegeFqK0aFR3KKmEcIzj/BRTiO40/omM57SghEV5iMCD/mpG70p0yrXCzABA3Zg489g4gRLcJP6owhK/RMA7kL2eAR3rZjNlwIjUt4g8YZalQ4fHHpWlb+Rw3eBcf7tG+bs2PIVYPmc7QmOF+W3u4gZwdwCWXGHhwiOOtXiosLndnhQwWK0+4pdqcn6OSJnXvz56w/kzbV+U35mEF3daBK4hCUQV3XKpEYw6KcrNJ</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedData>
            </saml2:EncryptedAssertion>
        </saml2p:Response>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:45:12,763 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-04-17 02:45:12,763 - INFO [Shibboleth-Audit.SSO:?] - 20210417T024512Z|urn:oasis:names:tc:SAML:2.0:bindings:SOAP|_c82l06ql3z9e1iuk5h1h44akhetd2qbs5e3z|https://iam.eum.otc.icsi.eumetsat.int|http://shibboleth.net/ns/profiles/saml2/sso/ecp|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:PAOS|_79b459db63ad7fd61bd72d4505531771|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx22aTF26MIrDFo5fOYKAGgP+YJOeO137fVdzkzsjwbpj/Jal/o9dGnQgPxttRqDqR3OESqYPYL5wpX8SYXmzkVPeTkfmFP1Bl0Pawzq56287aGBWcGHQYjFTZ5voJvqJC5k55UHvI|_c05f28dfdcb566f86d7367797005274d|
2021-04-17 02:45:14,009 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPSOAP11Decoder:?] - Decoded SOAP messaged which included SAML message of type {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:14,009 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Body>
        <saml2p:AuthnRequest
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            Destination="https://samltest.id/idp/profile/SAML2/SOAP/ECP"
            ForceAuthn="false"
            ID="_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6" IsPassive="false"
            IssueInstant="2021-04-17T02:45:13.399Z"
            ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
            Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://iam.eum.otc.icsi.eumetsat.int</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>I0zeKBzIFBJi4hA093TCpA1HJeE=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>gESbO1DrMxzz9sf+6yAPMsy0a13DKN3LksiUathLFekID4a3ace8TE3hDC9Yt6U74xONC9Ah2Ojxn8MbhFJdXwPHzHtkWBqzVFUZxkWA1m33m0K42yPssmT6YRBdlSYJvAI6zQAjYFpkU0aJMS+HYoExGGVC5vf5gvjwerJcxI30r5ZPxHIx94tiLI+NOurhIdfeRzQNZhP8ztc4PULM/Nt/ZKBgm5+9E4DgjCL71rnvXZfBoHTzZzcol02HyEt5ILKcBeAFA8lwLVBz7eS1h+zm4OGKPK0K1MKj4rJHO3VP/AGa+jqdluy+OJVW3Dd1EOVlE9/GWARUo8WuCxFcfw==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:NameIDPolicy AllowCreate="true"
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
        </saml2p:AuthnRequest>
    </soap11:Body>
</soap11:Envelope>

2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-04-17 02:45:14,010 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-04-17 02:45:14,010 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:14,011 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:45:14,011 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/SOAP/ECP
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6', issue instant '2021-04-17T02:45:13.399Z', entityID 'https://iam.eum.otc.icsi.eumetsat.int'
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://iam.eum.otc.icsi.eumetsat.int' does not require AuthnRequests to be signed
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://iam.eum.otc.icsi.eumetsat.int, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://iam.eum.otc.icsi.eumetsat.int' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-04-17 02:45:14,011 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:45:14,011 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-04-17 02:45:14,011 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-04-17 02:45:14,011 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-04-17 02:45:14,011 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 18832203621667587607088021436286230684931968168257167872795230405254894215980850067536154909197830631021596563357169939025141288325792903445779402655913743610932954428709105184576245804679342024583286736032463367943204530450706526245046609407626399621183218840286753119152458925964376259244052441725228698672336877726814951605086057990054643083405775848564675707375615835217627789844087955313900665870871521060397374272764412191674530995951115898094251299426642547742873614018298714848246841146385338889437961538915294437507286875445216218692006599199269372958584594878711118692775154075888222346153725342565601745161
  public exponent: 65537
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1ftjde869cph7yby7z9fldmljs7z3tdd5jc6 and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1ftjde869cph7yby7z9fldmljs7z3tdd5jc6 and Element was [saml2p:AuthnRequest: null]
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
2021-04-17 02:45:14,012 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsHeadersHandler:?] - Message Handler:  No ChannelBindings header blocks found
2021-04-17 02:45:14,012 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-04-17 02:45:14,012 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow 'intercept/security-policy/saml2-ecp', it supports non-browser authentication
2021-04-17 02:45:14,012 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Available interceptor flows after filtering: '{intercept/security-policy/saml2-ecp=ProfileInterceptorFlowDescriptor{flowId=intercept/security-policy/saml2-ecp, nonBrowserSupported=true}}'
2021-04-17 02:45:14,012 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' not permitted by input criteria
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP using binding urn:oasis:names:tc:SAML:2.0:bindings:PAOS
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:45:14,013 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-04-17 02:45:14,013 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-04-17 02:45:14,020 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-04-17 02:45:14,021 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: RequestAuthenticated: true
2021-04-17 02:45:14,021 - DEBUG [org.opensaml.saml.saml2.profile.impl.PopulateECPContext:?] - Profile Action PopulateECPContext: Generating session key for use by ECP peers
2021-04-17 02:45:14,021 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-04-17T02:45:14.021Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-04-17 02:45:14,021 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Retaining flow authn/Password, it supports non-browser authentication
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-04-17 02:45:14,022 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: Trimming whitespace of input string 'rick'
2021-04-17 02:45:14,023 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-04-17 02:45:14,023 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@835909626::identifier=rick, context=org.apache.velocity.VelocityContext@6f37f4a1]
2021-04-17 02:45:14,023 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@835909626::identifier=rick, context=org.apache.velocity.VelocityContext@6f37f4a1]
2021-04-17 02:45:14,026 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-04-17 02:45:14,026 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-04-17 02:45:14,031 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-04-17 02:45:14,031 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session e52018e47e1db74e9395321842a76b08037c4e97b2e35f51bd74ab6d50af38f9 for principal rick
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session e52018e47e1db74e9395321842a76b08037c4e97b2e35f51bd74ab6d50af38f9
2021-04-17 02:45:14,032 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_7080138d39cc2e01f42af33d6086559c': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.matcher.impl.AbstractMatcher:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/DenyValueRule:_e86e84f8359014f00e496b0e2b038417': Applying value comparison to all values of Attribute 'uid'
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_829157a5a29f7f30c585dc615c71fae1': Found attribute requester: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.policyrule.filtercontext.impl.AttributeRequesterPolicyRule:?] - Attribute Filter '/AttributeFilterPolicyGroup:ShibbolethFilterPolicy/Rule:_deb424a8d1c673df19c16cd7fd391943': Found attribute requester: https://iam.eum.otc.icsi.eumetsat.int
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-04-17 02:45:14,034 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-04-17 02:45:14,035 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-04-17 02:45:14,035 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-04-17 02:45:14,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-04-17 02:45:14,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-04-17 02:45:14,036 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-04-17 02:45:14,036 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c
2021-04-17 02:45:14,036 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c to Response _1b1877859d682139df8dad2457759366
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-04-17 02:45:14,037 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxZODR/aeaxLPpIDkr5rK2/vguX8Atk2SPoYDjZKQHf/yoDD0uZYqyCGyXX2sBBU2fBmN5zokCkGP5cGzul1NVc+5Jf9HQAputpeTCtlr/y56I6XE8PfILbQJk+sGFAfGIwCEeeVs4 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 80.158.3.50
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1ftjde869cph7yby7z9fldmljs7z3tdd5jc6
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-04-17 02:45:14,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c did not already contain Conditions, one was added
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-04-17T02:50:14.035Z, to Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c already contained Conditions, nothing was done
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c already contained Conditions, nothing was done
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://iam.eum.otc.icsi.eumetsat.int as an Audience of the AudienceRestriction
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c
2021-04-17 02:45:14,039 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddGeneratedKeyToAssertions: Assertion _1b23725b5f1f8d50c002ce7dad8ccd5c did not already contain Advice, one was added
2021-04-17 02:45:14,040 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://iam.eum.otc.icsi.eumetsat.int to existing session e52018e47e1db74e9395321842a76b08037c4e97b2e35f51bd74ab6d50af38f9
2021-04-17 02:45:14,040 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://iam.eum.otc.icsi.eumetsat.int in session e52018e47e1db74e9395321842a76b08037c4e97b2e35f51bd74ab6d50af38f9
2021-04-17 02:45:14,040 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-04-17 02:45:14,040 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://iam.eum.otc.icsi.eumetsat.int and key AAdzZWNyZXQxZODR/aeaxLPpIDkr5rK2/vguX8Atk2SPoYDjZKQHf/yoDD0uZYqyCGyXX2sBBU2fBmN5zokCkGP5cGzul1NVc+5Jf9HQAputpeTCtlr/y56I6XE8PfILbQJk+sGFAfGIwCEeeVs4
2021-04-17 02:45:14,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-04-17 02:45:14,040 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-04-17 02:45:14,041 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b23725b5f1f8d50c002ce7dad8ccd5c"
2021-04-17 02:45:14,041 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b23725b5f1f8d50c002ce7dad8ccd5c and Element was [saml2:Assertion: null]
2021-04-17 02:45:14,041 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b23725b5f1f8d50c002ce7dad8ccd5c"
2021-04-17 02:45:14,041 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b23725b5f1f8d50c002ce7dad8ccd5c and Element was [saml2:Assertion: null]
2021-04-17 02:45:14,048 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1b1877859d682139df8dad2457759366"
    InResponseTo="_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
    IssueInstant="2021-04-17T02:45:14.035Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1b23725b5f1f8d50c002ce7dad8ccd5c"
        IssueInstant="2021-04-17T02:45:14.035Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_1b23725b5f1f8d50c002ce7dad8ccd5c">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>IJl69zE6dbp7Ai/572oK66UW3rFh/UI3OklLo+oElC4=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>rZD5Z8yO5q9lCyYg8zPoSOLulmvqSkU7N4UNvL5YzN2QR80B6cZrJUnLrtsJa+HwwHTwYew3iLM5NhYtZZWFmDmo8uxHscgOVoz7n26jzVSerkXFZeSlg9lc8z5nDj1j+iTYxdclHttCjCaMVg8YixDFj882rmJNbO76cK4AVUfzXjsbOyJlpyuQ8Wx8vRSTGXHnwAKZnZi2QvBwOHPQdlevnqDxv/nXBp3eK5tNffYiPH9a4/Pu5AHmFCHCtBW4/MPiNl3wF22wDN/tLAj6mDDPIca2sNiQp9/4djNrOGKpaBI/LRXlSbNpLiV5xB4Cn6oqL4T1Dx8ao9NV9A/eKg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://iam.eum.otc.icsi.eumetsat.int" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxZODR/aeaxLPpIDkr5rK2/vguX8Atk2SPoYDjZKQHf/yoDD0uZYqyCGyXX2sBBU2fBmN5zokCkGP5cGzul1NVc+5Jf9HQAputpeTCtlr/y56I6XE8PfILbQJk+sGFAfGIwCEeeVs4</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="80.158.3.50"
                    InResponseTo="_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
                    NotOnOrAfter="2021-04-17T02:50:14.038Z" Recipient="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-04-17T02:45:14.035Z" NotOnOrAfter="2021-04-17T02:50:14.035Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://iam.eum.otc.icsi.eumetsat.int</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:Advice>
            <samlec:GeneratedKey xmlns:samlec="urn:ietf:params:xml:ns:samlec">EfN+qzuJtKhtUR2K02ptDmt0paR/cQca/Is6QYktDwI=</samlec:GeneratedKey>
        </saml2:Advice>
        <saml2:AuthnStatement AuthnInstant="2021-04-17T02:45:14.026Z" SessionIndex="_ecef3a4359045f655ec713e3e87a16e3">
            <saml2:SubjectLocality Address="80.158.3.50"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-04-17 02:45:14,050 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:14,050 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP
2021-04-17 02:45:14,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b1877859d682139df8dad2457759366"
2021-04-17 02:45:14,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b1877859d682139df8dad2457759366 and Element was [saml2p:Response: null]
2021-04-17 02:45:14,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1b1877859d682139df8dad2457759366"
2021-04-17 02:45:14,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1b1877859d682139df8dad2457759366 and Element was [saml2p:Response: null]
2021-04-17 02:45:14,052 - DEBUG [org.opensaml.saml.common.binding.impl.AddChannelBindingsHeaderHandler:?] - Message Handler:  No ChannelBindings to add, nothing to do
2021-04-17 02:45:14,053 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<soap11:Envelope xmlns:soap11="http://schemas.xmlsoap.org/soap/envelope/">
    <soap11:Header>
        <ecp:Response
            AssertionConsumerServiceURL="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next"
            soap11:mustUnderstand="1" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <ecp:RequestAuthenticated
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:ecp="urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp"/>
        <samlec:GeneratedKey
            soap11:actor="http://schemas.xmlsoap.org/soap/actor/next" xmlns:samlec="urn:ietf:params:xml:ns:samlec">EfN+qzuJtKhtUR2K02ptDmt0paR/cQca/Is6QYktDwI=</samlec:GeneratedKey>
    </soap11:Header>
    <soap11:Body>
        <saml2p:Response
            Destination="https://iam.eum.otc.icsi.eumetsat.int/v3-ext/auth/OS-FEDERATION/SSO/SAML2/ECP"
            ID="_1b1877859d682139df8dad2457759366"
            InResponseTo="_1ftjde869cph7yby7z9fldmljs7z3tdd5jc6"
            IssueInstant="2021-04-17T02:45:14.035Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
            <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                    <ds:Reference URI="#_1b1877859d682139df8dad2457759366">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                        <ds:DigestValue>v0y6eEOvHZfHSVqYw3NZgepAmBM/+4RnhDG+HXa1SuM=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>YEXem0vdY0R8uZBGLfQnVD9ksE/VUVMZta2wCIUwaIlmgg1w/FQXrXkV4c2NzHGqpZadfjeKa9aFk1WOjpLP5VIor9shdPtIjYVncBWESp88KX6eZfPgC0gefN3aMkEkj/Kw5xebVeAoANWzDpYnsYYXLOBp/2ynPkG0Qqj5B1vUZTbjNLPdLIwercj//B/B3WVTOU7DvjIOd+He8TqCE2UcpSHImQjxtQQLSN3LIPiPpF3oyG5YjkOB6jSO2LNoirLcbxIXq6e8sy3hZzugZ/Q5eqwWe3opbcz6xcAn+NvXH/kkqpL3fgigY6VNb4fi7fZb2/ff7lKetFu7goko1g==</ds:SignatureValue>
                <ds:KeyInfo>
                    <ds:X509Data>
                        <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                    </ds:X509Data>
                </ds:KeyInfo>
            </ds:Signature>
            <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
                <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
            </saml2p:Status>
            <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
                <xenc:EncryptedData
                    Id="_7555191b46b405663ca4bc4b9f342ab6"
                    Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                        <xenc:EncryptedKey
                            Id="_936314c0af2f2c4dd805cabf82c63ef5"
                            Recipient="https://iam.eum.otc.icsi.eumetsat.int" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                            <xenc:EncryptionMethod
                                Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <ds:DigestMethod
                                    Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                            </xenc:EncryptionMethod>
                            <ds:KeyInfo>
                                <ds:X509Data>
                                    <ds:X509Certificate>MIICvTCCAaWgAwIBAgIEJj02hzANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDEwRkdWFuMB4XDTE5
MDkyMzA2NTExNloXDTIwMDkyMjA2NTExNlowDzENMAsGA1UEAxMEZHVhbjCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAJUuBpyrScYDr1iopNsXACQ0tM7uW1FpnRfqjdPRo7ny0bLS44zt
xjDFNvDBupzDlQgVLT0yJ8CCcaF1GJz1N9JUTghKGi1curKDKxqF45yIudnONitcz8NiZhY8s04c
7+YsXL6/6nmjkQNgmoYU2xhS5ZvQ2gNVzRnl54Kbqjp2DRS0x0Hxid0hVgeSfo13Ako8iVFrz5O7
zwncuPjc2ibPUvflkOY6+EbEq8C6mP5PuVMqwj7DYBTKGBCkLhMlDGPD4O3ix/y6p9CEOh/wovCl
XESgBg3g8oQGMZW/X7xiqa2725MCf+ZDV6uFdP/AM5lUcbQSbweJ98vScXgtmQkCAwEAAaMhMB8w
HQYDVR0OBBYEFPBd1yRfpVSJH8UGdvcxOBgnC0PXMA0GCSqGSIb3DQEBCwUAA4IBAQAGjNjZDAS1
LLBWROlgZjWdS0ohuY8Nb66gMCHdeCYyx9A3uGKEY6RhTf/ql7ecnldpAoxi3QJonu73EQB3TTzG
2KONB91gKWuLkfjIHq5cObX6JO/gkYVf4ssvUU16Z3jCr3o7f4k/y5SVhuBZZP4y+SoQZCm9G9F4
4yBKmaYmxRiCNDgcDS7SMo7h26fWM7ZW1J71LEj1uglyI4Gv2DvNcK+Jh5CJMMTkGern0v9xIYOh
12yNYPR4oVe2Au966dwQVLQCDB7iALYm1Zo2d83cLcn8mTI/p0IoONmHNhhyc5lxatlDnxqNuUsT
eiHha7UmKhYFfQm3tSIPGPiXD89h</ds:X509Certificate>
                                </ds:X509Data>
                            </ds:KeyInfo>
                            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                                <xenc:CipherValue>iq7QebFDz6NXKL46sfOWVXDUAj7CN66h/wvan+gAciPdMtfsmMjuw3cEPaqk7OTUOf1Pvk+kGR4x+A7Y56vKA1zKWEiphjFfQUKlqsZx1QVEOJI7YuXMdsZ1VpdFHk+ZzrlfBZiGrhbZMifEesoLk7JYrXI5Jya