2021-01-16 00:01:39,047 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1610755298_e26e
2021-01-16 00:01:39,047 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:01:39,047 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:01:39,047 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_b3db3bd69567d4d76bfe94f3e65a8487"
    IssueInstant="2021-01-16T00:01:38Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-01-16 00:01:39,056 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2021-01-16 00:01:39,056 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:01:39,056 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:01:39,056 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:01:39,056 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:01:39,056 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:01:39,057 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:01:39,057 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-01-16 00:01:39,057 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:01:39,057 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b3db3bd69567d4d76bfe94f3e65a8487', issue instant '2021-01-16T00:01:38.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:01:39,058 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:01:39,058 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:01:39,059 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:01:39,059 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:01:39,059 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:01:39,059 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-01-16 00:01:39,059 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-01-16 00:01:39,059 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:01:39,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:01:39,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:01:39,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:01:39,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:01:39,060 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:01:39,060 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:01:39,060 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-01-16 00:01:39,060 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-01-16 00:01:39,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-01-16 00:01:39,064 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:01:39,066 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:01:39.066Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:01:39,066 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:01:39,066 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:01:39,066 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:01:39,067 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:01:39,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:01:39,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:01:39,228 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:01:42,846 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-01-16 00:01:42,846 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-01-16 00:01:42,846 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1045890255::identifier=morty, context=org.apache.velocity.VelocityContext@28baaed]
2021-01-16 00:01:42,854 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1045890255::identifier=morty, context=org.apache.velocity.VelocityContext@28baaed]
2021-01-16 00:01:42,855 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session e0ba4ca2919b39bac8446698a1396d0044e04aaa66d0249819d39a677aebd0dc for principal morty
2021-01-16 00:01:42,855 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session e0ba4ca2919b39bac8446698a1396d0044e04aaa66d0249819d39a677aebd0dc
2021-01-16 00:01:42,856 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-01-16 00:01:42,857 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4bc208bf'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:01:42,858 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-01-16 00:01:42,859 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:01:43,019 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-01-16 00:01:43,786 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210116T000143Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1642291303786}'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:01:43,786 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2021-01-16 00:01:43,787 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4bc208bf'
2021-01-16 00:01:43,787 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:01:43,787 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-01-16 00:01:43,788 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-01-16 00:01:43,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-01-16 00:01:43,788 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7d1552c44b6c3f66f2873f2e0464e89c
2021-01-16 00:01:43,788 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7d1552c44b6c3f66f2873f2e0464e89c to Response _f298bd5a7a5b923251fd8a4e03df49fc
2021-01-16 00:01:43,788 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7d1552c44b6c3f66f2873f2e0464e89c
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-01-16 00:01:43,789 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-01-16 00:01:43,790 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-01-16 00:01:43,790 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxbxa1Nn1TJ/iobJd72NrePbeWh7R9vuO3mBf27o1D7f/3A8HFDMS32e2fN6PVPG82n3nARQ18LuGQf1DuuwYHMnj8vct1ufWBXBi78Tbj/ZCjDS5+/YQ5UYNAmUttjVfvkBYD6SJV+4qqJ8RHreTI9OIBCGwiJA== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 35.205.41.137
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _b3db3bd69567d4d76bfe94f3e65a8487
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7d1552c44b6c3f66f2873f2e0464e89c
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7d1552c44b6c3f66f2873f2e0464e89c did not already contain Conditions, one was added
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-01-16T00:06:43.787Z, to Assertion _7d1552c44b6c3f66f2873f2e0464e89c
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7d1552c44b6c3f66f2873f2e0464e89c already contained Conditions, nothing was done
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7d1552c44b6c3f66f2873f2e0464e89c already contained Conditions, nothing was done
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2021-01-16 00:01:43,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7d1552c44b6c3f66f2873f2e0464e89c
2021-01-16 00:01:43,791 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session e0ba4ca2919b39bac8446698a1396d0044e04aaa66d0249819d39a677aebd0dc
2021-01-16 00:01:43,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session e0ba4ca2919b39bac8446698a1396d0044e04aaa66d0249819d39a677aebd0dc
2021-01-16 00:01:43,791 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-01-16 00:01:43,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxbxa1Nn1TJ/iobJd72NrePbeWh7R9vuO3mBf27o1D7f/3A8HFDMS32e2fN6PVPG82n3nARQ18LuGQf1DuuwYHMnj8vct1ufWBXBi78Tbj/ZCjDS5+/YQ5UYNAmUttjVfvkBYD6SJV+4qqJ8RHreTI9OIBCGwiJA==
2021-01-16 00:01:43,791 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-01-16 00:01:43,792 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-01-16 00:01:43,792 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-01-16 00:01:43,792 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f298bd5a7a5b923251fd8a4e03df49fc"
    InResponseTo="_b3db3bd69567d4d76bfe94f3e65a8487"
    IssueInstant="2021-01-16T00:01:43.787Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7d1552c44b6c3f66f2873f2e0464e89c"
        IssueInstant="2021-01-16T00:01:43.787Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxbxa1Nn1TJ/iobJd72NrePbeWh7R9vuO3mBf27o1D7f/3A8HFDMS32e2fN6PVPG82n3nARQ18LuGQf1DuuwYHMnj8vct1ufWBXBi78Tbj/ZCjDS5+/YQ5UYNAmUttjVfvkBYD6SJV+4qqJ8RHreTI9OIBCGwiJA==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="35.205.41.137"
                    InResponseTo="_b3db3bd69567d4d76bfe94f3e65a8487"
                    NotOnOrAfter="2021-01-16T00:06:43.790Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-01-16T00:01:43.787Z" NotOnOrAfter="2021-01-16T00:06:43.787Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-01-16T00:01:42.855Z" SessionIndex="_9e7dc78c8ab5abd67561f41717ddbd1e">
            <saml2:SubjectLocality Address="35.205.41.137"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-01-16 00:01:43,794 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:01:43,794 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:01:43,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f298bd5a7a5b923251fd8a4e03df49fc"
2021-01-16 00:01:43,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f298bd5a7a5b923251fd8a4e03df49fc and Element was [saml2p:Response: null]
2021-01-16 00:01:43,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f298bd5a7a5b923251fd8a4e03df49fc"
2021-01-16 00:01:43,794 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f298bd5a7a5b923251fd8a4e03df49fc and Element was [saml2p:Response: null]
2021-01-16 00:01:43,796 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-01-16 00:01:43,796 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2021-01-16 00:01:43,796 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-01-16 00:01:43,796 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1610755298_e26e', encoded as 'cookie&#x3a;1610755298_e26e'
2021-01-16 00:01:43,797 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_f298bd5a7a5b923251fd8a4e03df49fc"
    InResponseTo="_b3db3bd69567d4d76bfe94f3e65a8487"
    IssueInstant="2021-01-16T00:01:43.787Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_f298bd5a7a5b923251fd8a4e03df49fc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>G9d6sWN5KG1Quv1o2yseIXUwjzqfz2T8wExYDCWU5Ql9l3/ReKiojtPlHkeO8bWM0SCwZ7y0unFPi7F7DeDB0w==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>dmmVVa67Ic/CUWhmcN2q62zNuW2i7KScgqwdoHorXMqdoHXVEW1AE7pAA41KkejF2ZRO8Oj396D7BS/V8/kp8qGEOMwpOH1WJTfHIW5+zwfpR3KgEU+bJlCoCbKwfcSElZsNvpP0MZARwjRSi8CiBVQYccEV8gsUVJEwOInmYrZr1zPw3BU7bpxjaCDk62jfd7FxXMKtxWHQIM34p7AAzefPWwXzzCv6apABpN3I4gZb5QFWGrQH6fVzXkDMKVrACKYBQRWN7EYFP65Sfnrtt7P4JjGB7IGG3vFlib1XgVR5XG4/soU+YrE4yv8PPNSi9ymHwgNk1D/EM8IfJ2KZRA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_bbe2e3604527ccca89ad5825f27f616c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_81765d0d166833e9e54f7ec8e253e276"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>kea6EpklQNrrR8KK1Bq9hPgayjDS8CqE4LC+HIJG/eS3/uqIGgEEKNY36QlxY7IfYTyiZClB01RLP71WUyt2XLH89vYc7i7KCOKmxP6orOScLIG7JTpf3SVq/jluwemmQaXJ01nqzlL0AQPQUpKBE76P5+tFapXecaZ3q2cRb3XHaIvHwLy6wKhJeCfT0GbfFoFNDeKBt6vJ6XGeKpmdzhDGw6D+4AcFKd1WgsgUxgO6YbMvRpvfuOeA/az0SDHhtwfsQhbfM8Ybz+neUqpU1u4vgWzO8ADWekTa49/6aVplLszBZ2DbktptYlxTNL3j2M2f+F6jgi+QQbaxbjLZiA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>5mEPW5yp/JbT2y8CkiZF3R2Pw1z2zjZi4FLbynjuPiTppoM2d3BSQ2Juye/Num+Ane0+4S/yXGjsT4KgINteEMllxQL+03U4st7uw/6YNsSBCTr1TBzoWIRE7QNOZBdUoDW150d697bqT92AE0FxaqwEycWHwY0fGWGzXfYiiSTc2X8tEaiz1RmT4vgnWzhJGrF7V78ZwBnzCNacrVOadfIrdodGAW1zYlQsuvo+NBphqwSQ1tPHu1uN87WlZngHlBzzWCbIaPtlcFDTAfQ2bbqPbx1qaUR72bS6zcQmtKksC4pvvWcFqExsjUebGy20rfml9S0w5ItMOWRDa4IyOOEHkZUZW6jz4PGJ91a8MYTmZtX0zHnzsvQDnnnZysn+EJrKEjHX3XmAShN51YU88czQbCqKVC6/al2YB/DcYgwgZSKJV+JL4PfVbj0aEhPoyz1WEUvPJzH4p/aIS6gzHrBN9/oqidMWM3+GOv/0Whrvg9EDeuZMgpeBHpUKPOVDP59iF/FTgsNuixUeRrMHJaXoYDFmNqRcfEkqAh36vFJLOZMs3IZ/hUip12GSG3SpZ+3V6ANA6QDU9kzMOrrGeri6FeH5o5aCWkoUU3Xee+LZzpQw6+cCxrmmwtphgZ8PfnEhcUZq2JJ+3Fv9thkOruG5Vao2iDoGoSYuISdrUAHhE28K/yk0B0FD9GZ+oMqSMg7nj5Pez1qM1BbdjD1CrHSN0YvbrDgGZwQ4rd6W4PuP1PX7Tb+iXdOSmdSKSYgiC2wHRNOmJG8bTH3V5rcqNvt2xpZBqN4Zd77LE/RUmwOX1x11aeQc1h6JKSV9zWXc2iy+4LIjZaZOQViOd7wNc6MnqGjCjtez4Lcx1E0QRAbT4VHtFiSJOx19yCsLeA2UXyS/do4uDVURp7yZZg/1FWxkrJeGYpoRt22FyMUsAYqktF1ZE9zTWwfvzPmUDPUH9Bt/G5PQz7wvWQNxbrWt9CJZAswg5R7LnG18gDc3PlAo7lkRXrowDewSRf0NdL8SwGHg4kEdWIJbK6YqTkiztYmLiY0GPCYRw8x/Sn0ZsGlbxdiL0IRhKv32zjJEie1oWWCN4w3TxL9NKf+mVumwyq1AnUUKCG71bciA2GS01tgSutZYZoYz9LFPb+NE/5+ilJsduwIXllsEDjD/RPABUJ2VLoW+Odu/Qz3hpf74Whi6AI4bMWfTxbng2L/5Xxhjf8b7L18lYMj2Mr9Fq81/98c4Iich0cGQaqCJYvQqBO5DgyCgwVRqHObwVfzd5CMejqsv1ArjJuOo+36fFOxNec4sGUqQfrR09FO3VpMiYZGTTh2iyUfARtHsxlvpX+AxuTLs+gaJhXsHDbGyP64wRpAudNgp4Aoog2u0tOsSzziw7TU2GhtyhYFKTqesk3USH1z1zBkHWsgHjN/aCakqyTjR2qF2LsE2uP+FsiYB/FoHpq6C57RI6zuaNtvONmFGWcOkhm63JgPR9uTGAvwqBJyyEWLWJ7F5SfGxXZNk2GrIe02j2rVyeEhmxWAzPpyZ1e2sEzpYnp/Nmc4F9iwKANMOwybL0PvgDGs/NZIs+SY+uDRy+Fqo90dqAdF3+5T1K2yZuF8kWKD8y81NZDvjll5m2dNJPAZrPkqMO4cN3m6mhAnkTI7kzsS7CJHi+vbgFYZC43Vw0gcAdHPKaDG/E3nz2hDBC0XREcXRDKdXiebTuLxJlaO3h/QtARFRn+9ekNYmUQ5j81e/IDxZI7YAjx+Qn5g+23P6maHFv5C4UlgJikLbM3acI0qPItGqWyR0OzDvj90ZTatJIUB+6dSleQU+jppp0oXJQrlhIQ7QGIHlZZmbc6OKhPFFXMTqRp6mkbCzVw+t4gdJs2XgrDuygeroZ1GAZzQzMQImt+ygUwxArdXDeD27PsXpc1/ETMvTT5p/+4sQkjgw0V5gDzgbHLjKtPdFtPlT9Pc1hA8WTyQaJwmAYiTZW/yGFiIetHQkpRdvhmqv2Vi0iqHEGDRqJeIVUtAsheZmjYzjGLMYAHOXdbxYsf5ccigjC1BBvC3nsytBr48xfBxkn9N+csRmvlNEchK7I8y34onwxuQHHqXq59tsZJ+g2UjLUCEyDwOwUUXHC7lZmgPYfkfTBYqKpO9rhxn+RGbVaF6EVrwD+BmhNqUTSI/mLhYPNlF5oPVdYBANvSVEykMcQqsCTkW9UgYuxOzdyFTYEZYA0BjCFgClj2ua+fyquSSrLlOWFQmJGtEn18/paYuFqRObKWNqMyEIddb1i4O/MLZvMHyS/OK3+5JICqk28/TLgCEZMP3F9RQ9NtTdYK22fCqJBm/zLCvHzYRex8pGwMpm29avcr+ONDR+/Ry4Ckw7uDqVMiD+2scn7eU5REL8fXOeVHTy/6nrjW7A1o6YvJpkNRCMwbdqoZUP7jTxPFPwHHqIMXBJHt6QhcL1EaV2aEvn5DzYMyIH7FbTh9BgbqMyG2CU/LqFXbO+an460auWzCkTxMT5TGJvb9o60ln2rUAF0r0qgcXB8+QXenOfYb6U+UHi9mjq9kNX8rhhGx91t30ym3cJVveEcgBUMzITNhkjnjFl0ee8Cypjg+OfPrC+9xn1XCPsesD+fuahu4brVooywjX9ov3BDK390431t26WlM9tzf57PQoMmy7NrklyHPgRuAOHLQ7KCZ/oMdhZWazt87UIv+RCNUKpnc5a04vJ/xUvqIrLWw3nekGXQe0TyBxBF31NBHBHEIBQKrBLnnykoT1A5YzsS/jw9rNxrEmfn5vFtBuDzxRzdjFR0DD2exAKZTv0QFB0EuBm4LuBHz9Mp4XK74lKEMp4AlVShaZ98Ziq5WCYVHp3hRvjV8ApRIGdauiLdfrc5H4ssAZH+sycyl5bOt50LPLigP4bdtAhDcHtwBfWySNuEBf1phVx8gfWY0psWJa7F+1kMhm+m88+qoUFWgJj5TtjCRKpfloH/cA3CWkNVVFDGOULyJ1fYHUmBnV5Cyr6qOwfIMUvEfWgd73kvcJQQp4X48wwR2hqma6/NvJKVq31Z0Q8OIJdgItJ8uLLC86i/OoTEsjDeG48RpY26ZjyhuZS8IDCesTU2h7vrpgI7opzKxaUAllQGRNe376DghAXzLKjODaDKik7S/SxFTj++TbYZhXJmOUZjRpARo3ZiQ72rJ6kcm0Evw50uQ4C2vU8CS26m7qff8gQ4uF8PU8yOu+BKHxZTBR429IZ3pZSgaTv+k91QpEAHoAUMslUgErzFIS6Jlrmdndfjn02qPGX+wEaSgBuGW69G9tebMfluBQPJuyHPvXJTDepL9FiM6pQgsLXSbm8+hQqWUWAS2v3kKJpxLWOeF2wztDHtGhSEE+FKADSFz/wqpVw4nTv+31G28EJKbjAdTIZNJjBQTKEnYZzou5n6pcpRo5j6EqB0I3f7qgl9Tz+8484Z2gS3NJh1ou8EhmTe2ycPUKbz9S7R4BZh3vFTX45tJdlvfgg36unr3PagQ5TyBBORKdVTBcpwLIPRG7EsBUNqs8MxY0sRZpqfbqMXYAIL78eD4WYDs5HdRt5Ns6X2KYJaSZ0dMii1RgOAUlBqy7B0Z7ORo8S/l9EnuP8TgzsjS91ywm2ckcnN4ErI5WAzTjobIrUakOzn2qZYKgwTH35Ax5befBRebGQ6gwiIBPbibQiCePeCcQlzFezPyttFYHfexTCHuE8oEnFmvQKfuRUwd7TvhTal5FyXfgra4fL1zD+48D4TJ+R9QUJUssDEzskbhg1+3nKPK513kmjjLkzUZE63SuKAWXAIXTI+lPJP8zWUBLjRa4XnzHeozcsioExgZ4TTq1l0lsb/st1GQLWVsrSM21f1FkPCf7+31hOqCqLVkzHFC6B24V2q5VuK0H/vkb5PtCKgq0sbFhBH4hbUve53DNvbQ9ZMKobyNjaG9DKgw24Tzf7AXrp8CHoiNGdJxvHARC3Hcmq01i//Bmwkst2+G8x3BSYugmwoegVcI8R22KONa5iPGnPfGHNalpRiiNeS7T3fixnwUCuQW9oUbuoV4zYv3jexWmRgQ+8NNWdgPzjBGC5UpZhnZX5ei5AibwPHWI4ne7LG1wA7pI6hGrWVNpMaARXAFqce3y8oHktFyQSnWZXRsqXQYunWmuwRgQGQ5kA/emMFoNZi6NQfV/wTXS2CeZyzJwMMEHwiP7oFYORDgxrHyygzmuXrr97glSXxzpgQ4oKKAnLmFgRIJA4FQRQWyyho40z3AYShaGH46trZX5rTtEB3NzS4K8iVtGInY88JjdjvggxE7jahnrKQBkZ/YMi+WIImqltpw/+Pq+n4RiZbqYy64f5ajLbOY0nSM7KmNIq44DfDgtzh4y9yduTe7Q45aV54RxxsvxT0lLcDDGwm/yeXDzPgGKptIXJo5nB0nwBYsHYQEuKCjJei3yC2qn0y2jBhNq2cp0hOuIEsnC4xOnWrmnmLiEm337wAa2wIOysaxrPOPNNPXJGht/b/31LmTVtnvqqZouonCcDSBSKqoEnENbWp/3hYKjc3Dv516Omtoo52KeSNN//ROvgcfdqAWNBWUH8LTDz9lB+cCv8Q2z8K6wskqt6GMQS8RtBJIiNFd3xfZhFqJNSRT7RYgXn2WEegq6jMT/iUMx501KWn1K0LIyChjeTC8X31tMkA3m0EmfKchwh0gu3iesEc0XeqvWW/FujD6FLaqU4TKxb1wOmkvZkEXbAjCRyDVv8ZF7DhJIv2B/3TOs6YhNKxiGfMSuD+IyHMqY5RDMIC+QEACdB0rDsJ8DHxVJde2q3ivAUjjCA78DYNIKpt9RaZOZ77vydpxrRTB05kWuth7UACc8DGaP/Bb1U5mhdAIPpsJudob150wJ8JVeE3wj+eb4YEP2KCAda9/FKy5B1q0auECgRxK2mWwtsfjebsHifLQfcs17sF028EJa2XKxh8knXykbyvQtekJ8tVUKOROoPemS4MI6qmxDfNJPpWzM1BO8UN92D/69xtqIUEX8TxPF8/sXUBiCQ7H5KMOkktxK8neyR+QU8BE72DmMy93QfPKqMlayzYeeQLphdid1bg1wefPushtSE10eV9wtziAeVjLVoCTtLBEUBFEGmmI3kn0Z28IbbGewA3XYUmTRHVeEsh2NigfDpDQYjvskp1+OH3A/bn/xVY5u9kxGK+W89HEZEooSymVgChs2TJg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-01-16 00:01:43,797 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-01-16 00:01:43,798 - INFO [Shibboleth-Audit.SSO:?] - 20210116T000143Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_b3db3bd69567d4d76bfe94f3e65a8487|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f298bd5a7a5b923251fd8a4e03df49fc|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxbxa1Nn1TJ/iobJd72NrePbeWh7R9vuO3mBf27o1D7f/3A8HFDMS32e2fN6PVPG82n3nARQ18LuGQf1DuuwYHMnj8vct1ufWBXBi78Tbj/ZCjDS5+/YQ5UYNAmUttjVfvkBYD6SJV+4qqJ8RHreTI9OIBCGwiJA==|_7d1552c44b6c3f66f2873f2e0464e89c|
2021-01-16 00:02:30,571 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://34.249.24.65/?XDEBUG_SESSION_START=phpstorm
2021-01-16 00:02:30,571 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:02:30,571 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:02:30,571 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://34.249.24.65/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_D4D2ECF10C0E724BD4AD34DFE4B4E6FB"
    IsPassive="false" IssueInstant="2021-01-16T00:02:29Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://34.249.24.65</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-01-16 00:02:30,578 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://34.249.24.65' from origin source
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:02:30,578 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-01-16 00:02:30,578 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://34.249.24.65
2021-01-16 00:02:30,579 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:02:30,579 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:02:30,579 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:02:30,579 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:02:30,579 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_D4D2ECF10C0E724BD4AD34DFE4B4E6FB', issue instant '2021-01-16T00:02:29.000Z', entityID 'http://34.249.24.65'
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://34.249.24.65' does not require AuthnRequests to be signed
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:02:30,580 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:02:30,581 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://34.249.24.65/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:02:30,581 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:02:30,581 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:02:30,582 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:02:30,582 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://34.249.24.65
2021-01-16 00:02:30,582 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-01-16 00:02:30,582 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-01-16 00:02:30,587 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:02:30,587 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:02:30.587Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:02:30,587 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:02:30,588 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:02:31,554 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '34.249.24.65'
2021-01-16 00:02:31,554 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:02:31,554 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-01-16 00:03:44,780 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1610755424_f427
2021-01-16 00:03:44,780 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:03:44,781 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:03:44,781 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_4151462bf70a030a4331e124eb05f460"
    IssueInstant="2021-01-16T00:03:44Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-01-16 00:03:44,788 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:03:44,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-01-16 00:03:44,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:03:44,789 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_4151462bf70a030a4331e124eb05f460', issue instant '2021-01-16T00:03:44.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:03:44,789 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:03:44,790 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-01-16 00:03:44,790 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-01-16 00:03:44,791 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:03:44,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:03:44,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:03:44,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:03:44,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:03:44,791 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:03:44,791 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:03:44,791 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-01-16 00:03:44,791 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-01-16 00:03:44,791 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-01-16 00:03:44,795 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:03:44.796Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2021-01-16 00:03:44,796 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:03:44,797 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:03:44,958 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:03:44,958 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:03:44,958 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:03:48,570 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-01-16 00:03:48,570 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-01-16 00:03:48,570 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@679739045::identifier=morty, context=org.apache.velocity.VelocityContext@60d88e3f]
2021-01-16 00:03:48,571 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@679739045::identifier=morty, context=org.apache.velocity.VelocityContext@60d88e3f]
2021-01-16 00:03:48,572 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-01-16 00:03:48,572 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 4bd7d01538af94259c031493a58ec5976d4e6adc8721ba3d756cf2f193d34f3a for principal morty
2021-01-16 00:03:48,573 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 4bd7d01538af94259c031493a58ec5976d4e6adc8721ba3d756cf2f193d34f3a
2021-01-16 00:03:48,573 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-01-16 00:03:48,574 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1828c28c'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:03:48,575 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:03:48,576 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-01-16 00:03:48,576 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:03:48,738 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-01-16 00:03:49,506 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210116T000349Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1642291429506}'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2021-01-16 00:03:49,506 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1828c28c'
2021-01-16 00:03:49,507 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:03:49,507 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-01-16 00:03:49,517 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-01-16 00:03:49,517 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-01-16 00:03:49,517 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d38c2d8cc7d90f87dfad977815c95b5e
2021-01-16 00:03:49,517 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d38c2d8cc7d90f87dfad977815c95b5e to Response _59d1040b056f228e8d878d6af25b12f1
2021-01-16 00:03:49,517 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d38c2d8cc7d90f87dfad977815c95b5e
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-01-16 00:03:49,518 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-01-16 00:03:49,519 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-01-16 00:03:49,519 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx1yN+YYw4eS9UGmxA0A3BqzJajQc8WxaTOcSmhkDS08VcRa6q557fXeERnsDJKp9EqxlY6EqHMBqLdEPoCWN4Vpi26hrzELVIwMvzIa15PEpYAQ+DAAwaGFTvQGIsBH2qVKy2hSnuMYPsO6rz6U3fb5FEDIQ04w== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 35.205.41.137
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _4151462bf70a030a4331e124eb05f460
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d38c2d8cc7d90f87dfad977815c95b5e
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d38c2d8cc7d90f87dfad977815c95b5e did not already contain Conditions, one was added
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-01-16T00:08:49.507Z, to Assertion _d38c2d8cc7d90f87dfad977815c95b5e
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d38c2d8cc7d90f87dfad977815c95b5e already contained Conditions, nothing was done
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d38c2d8cc7d90f87dfad977815c95b5e already contained Conditions, nothing was done
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2021-01-16 00:03:49,519 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d38c2d8cc7d90f87dfad977815c95b5e
2021-01-16 00:03:49,520 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session 4bd7d01538af94259c031493a58ec5976d4e6adc8721ba3d756cf2f193d34f3a
2021-01-16 00:03:49,520 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session 4bd7d01538af94259c031493a58ec5976d4e6adc8721ba3d756cf2f193d34f3a
2021-01-16 00:03:49,520 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-01-16 00:03:49,520 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQx1yN+YYw4eS9UGmxA0A3BqzJajQc8WxaTOcSmhkDS08VcRa6q557fXeERnsDJKp9EqxlY6EqHMBqLdEPoCWN4Vpi26hrzELVIwMvzIa15PEpYAQ+DAAwaGFTvQGIsBH2qVKy2hSnuMYPsO6rz6U3fb5FEDIQ04w==
2021-01-16 00:03:49,520 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-01-16 00:03:49,520 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-01-16 00:03:49,521 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-01-16 00:03:49,521 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_59d1040b056f228e8d878d6af25b12f1"
    InResponseTo="_4151462bf70a030a4331e124eb05f460"
    IssueInstant="2021-01-16T00:03:49.507Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d38c2d8cc7d90f87dfad977815c95b5e"
        IssueInstant="2021-01-16T00:03:49.507Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx1yN+YYw4eS9UGmxA0A3BqzJajQc8WxaTOcSmhkDS08VcRa6q557fXeERnsDJKp9EqxlY6EqHMBqLdEPoCWN4Vpi26hrzELVIwMvzIa15PEpYAQ+DAAwaGFTvQGIsBH2qVKy2hSnuMYPsO6rz6U3fb5FEDIQ04w==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="35.205.41.137"
                    InResponseTo="_4151462bf70a030a4331e124eb05f460"
                    NotOnOrAfter="2021-01-16T00:08:49.519Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-01-16T00:03:49.507Z" NotOnOrAfter="2021-01-16T00:08:49.507Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-01-16T00:03:48.572Z" SessionIndex="_c856542e6ce55cbd7183742f38a2d458">
            <saml2:SubjectLocality Address="35.205.41.137"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-01-16 00:03:49,523 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:03:49,523 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:03:49,523 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_59d1040b056f228e8d878d6af25b12f1"
2021-01-16 00:03:49,523 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _59d1040b056f228e8d878d6af25b12f1 and Element was [saml2p:Response: null]
2021-01-16 00:03:49,523 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_59d1040b056f228e8d878d6af25b12f1"
2021-01-16 00:03:49,523 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _59d1040b056f228e8d878d6af25b12f1 and Element was [saml2p:Response: null]
2021-01-16 00:03:49,524 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-01-16 00:03:49,524 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2021-01-16 00:03:49,524 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-01-16 00:03:49,525 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1610755424_f427', encoded as 'cookie&#x3a;1610755424_f427'
2021-01-16 00:03:49,526 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_59d1040b056f228e8d878d6af25b12f1"
    InResponseTo="_4151462bf70a030a4331e124eb05f460"
    IssueInstant="2021-01-16T00:03:49.507Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_59d1040b056f228e8d878d6af25b12f1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>/pMqOV0Y+CHP9wVdGDOwQNk+gSpawHD5T1OEsuWHekRKInpAq7fzFNeDvYGmhgaqz5eeaOT25fhNXRhsSPA3PQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>X4v710rM1hoj4ujaws3KXdi+Gk5nAdchr6xyip1YazJF18NKxRkIhoi3MuqyykP3noL9q+KAjgt2tcm928heXrii7w1R/44WYzCfEUtRFdYy7TLsC1AITp6EWPBHOBJ1JQWOkKJpY0w5jk8z1GgLQMgA+tJYKBiX1H30k8DHIK64BHWAeU8CYYktHeycTcrpeWo5XTwPMmd140vgwzl2/B+btpiDxQeLIVLFN8OFUYnVOPyj+TP6jrPGTvbu/g2qCt1jMN25pKIOWi3GysiNpRbrVHnWI1n8dhsIzrFXRojC4aOC/LyV6jnzsge7UgXFouwY0VhtjnE2PHonXaBgJQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_8186d4c0057337cff1e423800645fecd"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5378d76c1db708e5bea802718d3e63dc"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>V+viU26eccxEUObyL5V3vSMNaHa0auQnitouFz8vPItP3DtiB0XWJfRdboo0i1gM/CcCCS3CldrYs47Lo8/Mt+8TCxGaZBzt87oUF5Xfm9wJ+EE5S/RJ1KxbPp4VsIVijj1kVV5xtfp7QsXVr1vA0N5hOQlFHYyACSli+XSxAKwE99IPaDS9l267Ja2PVr6ERw8KBl0Sk+2Iws5YJ11GBRfXk5shGKvzpc6Ug+tPQ3TzxKEo1gBZD4dD63BOx5MgSy4KmSPHMb/iSxDynO0kmHqtpkBhBm8zOvQXSlTOEziED3Xu74GKsCRlmi5KfFryIeCAjL0TZasTlwg87/Uthg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ZGrJ3JtyWKpkmXKK1cVyuVf8/xwSBSyU/oPS7Ptgq/HXnd7p2x3fNFdXbdRjIbtZ/D7dsAahMtnRPRamfu5eVfk4Ix9ICd4jfFXF93amHgvGMn5TbttjhtDJwgLz9p3+4Bc/7AZcv7sN2GZgdEC0tgjOGPwse9N1sgXLWu14sq+wrWD8qpRIZT+pFM/972v4pSQGOcGrs1RIUUhAaeWXIjMI/5TaKRiIPhFCnI0OuYJM05G9Ins9vJA8rYxwGqdMlQrMMo2eWFQfW9sKS7g1TisMTEKvmVjF3jibe6l1EFe5itwyqJDfWTzyvBLhg4T2p6FxnZUPneyXKBB35QgYKaLiaCqgZ15AOeh/atbnhyzVx4WmEk1NS1sWej6f+NnjGVfNx3QMvkT9HpUWruiy/u9dVRQd2QNgJ6vwcOxJvQcsgXzEON4fXvSjEO9nSQBMHx7N8rOevrfCkAaLOkjFysZx0vSemh+omDaJZD8RrkRPJUoanOmmzftztZu+JuhazcDEXe+oBDaZi4O2XRKB5LKMW0oNVoKbRYTVRio7rEQG4e76nM1Mmua22fDUAkqx/AwY9e7FBd+jGoKIVmDgQw0kYnfSqDGP8speMM7uIU2LJd2ZRiLQJReEyLXb7d5g+DcqMqMFYPpc01Aa5qrTHfub9hCuonCMG74DHLFzQYB20dSAgSlEYs6r0JQMpBTSgUVf5ZtHqi8K+x1Xtg6lFqFWceVKJOETqjCsKcoPI57ZGCF1aP+qz1QMJHKa2aJs/eQq5T76rvczg0yP1jOfllhzwcfAqOLfHeI51a3n9lEEBYJO32fV7Gcdg91m0cM8smysDdE6oRbuh5aHcSL9b3z8VF/TkLeLH6TSNPsjef3y/GNcyhNZBxAo5X4GfZvyFJslZlUCIHBnpNO0kR3s/2EfAOBNkdjD1gEaHRNcHmVdp4kbLrqYCIEUFQzsbrrvC0x9u+tTavrPapWZ5hQeGwVb5HxhCiX5Am3bE8TmCuQRiWaPAvzhvQgog6pflyCRIME5EmpD0IPcHZ/7UtDEneBMCl0mJeJXDd2/PSCKJsQ/fyzaU5A/hYpynRDwYlbXLAELeHqDQ7MGkYXB9lABXDrs+FBtAQYEzK7W2Z2VcZkjE18soeGsNZMJzDMJbegjmxD4G6NZbMZRmB0qDq3c/PkiT5FBiXTNDzyQREQSi4wBXINhwf66oAwLZm+bIq9Ib9C3KevCXT65XeUvDP0EfryXS6tc8rmOMNo4D8nUVSGWNql7s3Wd1hpExGW9VBLLtUmAITDOzziFpopY8qTSl2FHJli3bt2zm3c+Vt/ZbyqAqVERqxr2lanbaxBwD7DToPQJJ6yNaIDYMRxNJNWx7r9cOWyGmfGjFI7ByPPSm1ILsoj8bmYpIzsfCRgM+KXKH5Qhd/fsS+omyINugRnKt2Th07QInVPyNdpH00Hr/s0SVdhYGbNVqnEx1fsTaJzNnEFdw4sUlp72rpetw0AGOtliQ6l1Jq9aEU9vHcOsQJ3Vhfx/P5pwwlkNwsMc7dQknng24cn442Gee24W7hWo4/0SCYIVmyBzsIHrujKd/pN473u7lJHqoEJpZsqxGXplW6+nNT4Ft+eE5xY9PfGerkQpeVoMckG6Tl4Ya8ZKuS30YOs5dXo1QHtgkUtEFf3kKJ2TzdlzG58fCwmgGILDzagRtTbetWjHUb0TnPhkXWweT0wokxuluoz2Ndnnk7TlBxSEJIjs1cDT2g6Uptog/yJIXeFI97VZncF5bULatcd94pHOKtcbzTd6eqHGrUZM3jMhfl2PjuPLGQFDc0V7PyTIkMVlGDH3mcrk5Wve+k1DnuzdTSm9KuQfuLwjuh1QpixWtuu5FDQ1Gp9dtut897Ggps3keMf9sIDZCNX5DV97N8MYbu6fcAh3rz/CJN6dOD5W3vAFNnwcpgbrNqSx5vSFzY6n6HB9K5Ls0RNpey334+HffSsjJ2gx6n2OFKJcEdBEBgtW677CrIVosFmrUXAkHIWejRY7KsYTZ0UNXTfMKHMro60CiC8s//ZfdzKwL4mSuQF6WdpofyE6x6Xn5cT37KT0APo10/rabRPhLazneNJPklIGvSqWNHBlHQgBn7FQpB95XLrA6fq24un6YWtEs5I7gs63kPDc36PZY/KaIXIWE72V+ZSOdExM/vWtPFwrzFOwwDsQmptrNyKSF2JdVZd6kiF8w7vn+zCnaGehZZ5TzhphPTIctnme8hix/zTlG9pI82WGzlaquOfBIafAx2GPLDlhSYVm1XXvmhdcAy31v9c6F68N5D4KGgjG3Zb2hc5k7dHI3RsmhpEo/TNWfgJBGIYPc0I8WIGB1MbwMf95CynsFSwAxHHH3jkHt09sqODQA1p6qOvXckICw8OnrRT/Ww0O9GjlQxnlhfz2oGSeycKbvCnpv2Jtt1acSi/O5y8FZgd/gY714DJ7PLmS/3Jio+rpqdDHlqh1R+CEmBvDdRvwVVHiDHZb9p0ZgmyaVyD6CjLth9mB6LQQSnY6uDi1jtobU0J/lKO/5SWAgYGMOkfLviv/5MRw4IQzyK+s+0EqKmPDJ+RVgGWMXLZS511JCO9aiNab05Snh0gSwXk3uWB0busxQxxQmLpzdqabHZ37Uf1SyZjBqQkYvjVG3PRatDxpW6EWo/EFg0i97g7Y+/H58XRUI88EoNp3LTpm7MtX5JstRaDJ7yn06LCWnOslfAN2TTvClKXaOQO0VDVCV5gN+6+95IzE52pQM3p5apQl2uAVPW0VN+Vn2pfh2npv/gRv9lUzNKSiZLpgy8HrzkHU8AbIK26Xj6t0syb4WnmWv+oOekLXEB0q8vQ/feJEbCiMO/qvExezzM+nwaq0hF32fcepOoY/qQ+IlUXs4GGPzHSPElLH5zBSMTQ/0Vre0IVEeJTfMIOG+38WI60AHMVJ0uAxP7dld8qYPsdHTtuofph/91w7RC+ZUZooQ9Zlpn8KhnO6VOyMZmqsBALwp/GjpOf7+D0/50k4eN4lMBaXX3bzz8vXQx4CFljByynJf82wMSYmfOgogTmPvrMQNREDKeiVxeXplydH5jQLvGXSzKdu+FvW38QF01E+4IjP1bF4ZdAm14d+tgBib+DUdQ3m/KBuPWmiQmJ34NNz4SRM6MyeXl19xRVJ/NH8jtOORTqs3I1vCjUcQPuoCdJrdiuwXYQLagjXqHBOCSBr7LLbpPNEB7VwlV7z7VRJvUnZ0ScWyalPi/z4+GSbQJT7VPp+bcViWWWKdl1tfBw/794/8SH5CreIGAkt7x1zgDb+9ZF5f3ZMe5pDMpaj7gI9JeK+W7ULl8YHdt47UTahMQr1Rzqa+lzfaw/7RTNwfnrjvcUQQ9JDVVGw4RUS42ERRBlETWkhRXd+ESCGO1uYRQVghPrJCSPvSSr60ZTl3/NA4X9qKvQrEv7KZSn2o24r/7U2Rho4voQKVTR/v/SZexPac0GVzJwrO1OEpvT+ibVftZfZyNPb19Gyyg+1Mkzyq6CGr2ItywxWB69LJ5Z+ihwgqaeycur1cPdH77hGYj92h4hwYd35iRV8/hBn88M1WljIwynssS2td56q1kdylwUpcDAfRsbmgID94ltNKP7d8utszebrGLXpvueEaOa2SJrzFWUmosuAFARfoRfrBycmFfFkDxX3AWHM1/FjNS6IwPReE9QoMCjFMbmeBiTM7FzPkd/aZfb1B8ZZbCYNcB86jExO+4MYEY/6ZigHBHs/Ux4FK9BWalNAhNUUS48SW9L8j08WPnJGDdudQseobEXoADHhvnqmtUol9AR7UZjIdwFcEZpN4OaCFDCfZ1rTCvnNpycZwGAkA1tQTLTvGWEdOhNg9FP0plJ51Ibcm9jfhAmRHVoUvXuAIEqjWIhaRGNcsLHynU36h7zCWdl3gCvaOo5R5dX4Ymhad2XTU1ubymBXySeNuooQUc2M/xnSBttIODICljArrVhGSIXjF50q+oyxDYnLXPAFE+avEi5YbFEaGWk7+nmVPoxaBhKSjfvJhVbqqnxK6F2FBsYs24hu/nQ8P5aEQeVPFss6GZaKNjoe+T6oINjS1jWOrkA61mZjxTOEh63DbkvII6gibjdhq/ZCxDKqpuec1yVLs+Jlh8i04shUHFAIdc83Y5122zUgdEAIvclIrVdCI+x73TDWprPG0/xCZZpWGKB97PL4cpmvmGtx0gTuutMGpVuGj8nMQK+gpVayI7z/12AGNfr9oCdB6EWnuw61m5bnqVy9l9h8JC7Jy70yjVAu4ln5zQ4329anRDqEXn3LjxnzqESGBxDScpxOp695GC032ondmaOVmEdcmkIBJaLZbU8DjpRrnMvyaMXC+rSg3AQ0jw/T/Z3AlmyC/Vf0n+5LspxNg2iNhE2pbZ9/o76tSy8F919wMY2oJQuRd89X3yIBPE26Cqi91rQpSo3YR2CycDhJt82Gl9k+ANVylbFjJMtu+zCf/WDp55m9wsipka9FeDp1pvCtLIuUoaqSYABcCHTRAFrtQDNfb0jRT6JIeIiuFFZS4V8nVLt7t8dllHdD65t7KEJyHQHkLct644Itc5LOZ9pOpcseTa/WLUQHH0uTK/LbQHvBABi6iK03d6crn+4M0s9uzoggqKWvJGztTOJGfqq3sjFWwZAGyJyCiyWb007uKg+dusdfK+4gqWujGP/xTQRJw8YTs2Vhz1FN6PaM0mtWEVwK/zD/5UvA4/lNHVMwVFbajJUpM1RFBRdNVy6mCS66wwUOBbxZc+7jK6pmWTB36A5Nc17cF4dLY/sg/UjYbYYtBOTcApQ+NxVlp5q1/QRIfDwDVXflXNbEGT7zjed+UM1740WpEah0xNMq0haR+wovEbWh1cSc1jNaSB24eN+LALMRe8xEBQc07LTYlzeSuy7Sq4iSarHRb7yz96J1bn1zw569TScx8oFI1ht3OFaSURQDZqr263rGuV2Q2S7V9xdvcjeuPCdxSSOUB4SSu0EJKeC9x1nTE8flnO99rOVdn9J313MsUI7tfeaqIHhjCuGnUEfmXqnqYZ7Nv0HcNMv6nH/eLg8F3M130QDEBn8r4tUkqdgFAyruGdeqkg/E99HuHHmzyxNghgvPcVAMkJI2Vr6ATG5YolsoKKv1ytkn50eKTHhiaUnBNQRgqvvZUPdWwzjviw0xcudi22OazZ7S0IgPSD/Gsg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-01-16 00:03:49,526 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-01-16 00:03:49,526 - INFO [Shibboleth-Audit.SSO:?] - 20210116T000349Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_4151462bf70a030a4331e124eb05f460|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_59d1040b056f228e8d878d6af25b12f1|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQx1yN+YYw4eS9UGmxA0A3BqzJajQc8WxaTOcSmhkDS08VcRa6q557fXeERnsDJKp9EqxlY6EqHMBqLdEPoCWN4Vpi26hrzELVIwMvzIa15PEpYAQ+DAAwaGFTvQGIsBH2qVKy2hSnuMYPsO6rz6U3fb5FEDIQ04w==|_d38c2d8cc7d90f87dfad977815c95b5e|
2021-01-16 00:04:11,334 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: http://34.249.24.65/
2021-01-16 00:04:11,334 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:04:11,334 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:04:11,334 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://34.249.24.65/mellon/postResponse"
    Consent="urn:oasis:names:tc:SAML:2.0:consent:current-implicit"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_7555D81CD20659EB24F7273EEAE3654C"
    IsPassive="false" IssueInstant="2021-01-16T00:04:10Z" Version="2.0"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://34.249.24.65</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-01-16 00:04:11,340 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://34.249.24.65' from origin source
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:04:11,340 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-01-16 00:04:11,341 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://34.249.24.65
2021-01-16 00:04:11,341 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:04:11,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:04:11,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:04:11,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:04:11,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:04:11,341 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7555D81CD20659EB24F7273EEAE3654C', issue instant '2021-01-16T00:04:10.000Z', entityID 'http://34.249.24.65'
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://34.249.24.65' does not require AuthnRequests to be signed
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:04:11,342 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://34.249.24.65/mellon/postResponse using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:04:11,342 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:04:11,343 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:04:11,343 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:04:11,343 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://34.249.24.65
2021-01-16 00:04:11,343 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2021-01-16 00:04:11,343 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2021-01-16 00:04:11,349 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:04:11,349 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:04:11.349Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:04:11,349 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:04:11,350 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:04:11,987 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of '34.249.24.65'
2021-01-16 00:04:11,987 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:04:11,987 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-01-16 00:04:12,606 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://18.198.6.253/
2021-01-16 00:04:12,606 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:04:12,607 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:04:12,607 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://18.198.6.253/simplesaml/www/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_74ef2ce2a1ec9fd6684b509a452e947ec760baa4fc"
    IssueInstant="2021-01-16T00:04:11Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>test-fr-cmc-20.easyvista-training.com</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>

2021-01-16 00:04:12,608 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'test-fr-cmc-20.easyvista-training.com' from origin source
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:04:12,608 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-01-16 00:04:12,608 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer test-fr-cmc-20.easyvista-training.com
2021-01-16 00:04:12,609 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:04:12,609 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:04:12,609 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:04:12,609 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:04:12,609 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:04:12,609 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_74ef2ce2a1ec9fd6684b509a452e947ec760baa4fc', issue instant '2021-01-16T00:04:11.000Z', entityID 'test-fr-cmc-20.easyvista-training.com'
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=fZJBb9swDIX%2FiqG7LMtznERIAmQNhgXo1iDOduilUGR6ESBLnig167%2Bf7HRYd1hPAih%2BfI8PXKHszSC2MVzsEX5GwJD96o1FMX2sSfRWOIkahZU9oAhKNNsv96LMCzF4F5xyhrxB3ickIvignSXZfrcmT%2FMKulJBKTmoZdfW9aI6z4qlrGYlLKs5qHldnKWsOkWy7%2BAxkWuSBiUcMcLeYpA2pFJRclpwyutTUYiiEpw%2FkmyXttFWhom6hDCgYGw0GdJHrlum24GlJTptgI0eS3aEVntQgTXNA8m2f%2BzeOYuxB9%2BAf9YKvh3v%2Fw7ki5wvF3mdl7MPDHU%2FGBg12PV6Zb1ro4F8uAyTLsPbW1KpcKq20MloAsWBZIfXOD9q22r74%2F0kz7cmFJ9PpwM9PDQnslmNs8WUjN%2BMO9LOU9UrWhY5SHx51ikuGrzUNqG5cv2KvUVWt2P4msT2u4MzWr1kn5zvZfi%2FF57zqaJb2k2tIlocQOlOQ5sSNMZd7zzIAGsSfATCNjfRf49u8xs%3D&RelayState=https%3A%2F%2F18.198.6.253%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=HUUlLL4vhXJH4QtYowHwG846EDmKT41OXcSBIkRcI8eEcGnHIlgWNCCkf%2BqXtVrGYgN5I2S%2FKfCQFRn6smn0siJhbJhABsxIiFMla6X9EU02u%2F1F9YY5lo404zlau7Ay4kAo%2FxXX0vjJegZXfMLMwPR9X5mB%2Bc%2FyCu%2Fp4Sh8n4g16G0Y65c%2FN6qxQQ3hQuGnfF8DYKn%2BwZc%2F8DYTJs3ydOumWyv9sA04jp%2B%2BVESbJbyJsFw0FsnJzm5tWbQJRjs4fuYgBwPkRls%2BdVodHmNd7kqAAzAsc1f7z7KVTgNkViFnM67MTcDxtJfjnbecuLteTRC24gkeu53w3citj%2BwEMg%3D%3D
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=fZJBb9swDIX%2FiqG7LMtznERIAmQNhgXo1iDOduilUGR6ESBLnig167%2Bf7HRYd1hPAih%2BfI8PXKHszSC2MVzsEX5GwJD96o1FMX2sSfRWOIkahZU9oAhKNNsv96LMCzF4F5xyhrxB3ickIvignSXZfrcmT%2FMKulJBKTmoZdfW9aI6z4qlrGYlLKs5qHldnKWsOkWy7%2BAxkWuSBiUcMcLeYpA2pFJRclpwyutTUYiiEpw%2FkmyXttFWhom6hDCgYGw0GdJHrlum24GlJTptgI0eS3aEVntQgTXNA8m2f%2BzeOYuxB9%2BAf9YKvh3v%2Fw7ki5wvF3mdl7MPDHU%2FGBg12PV6Zb1ro4F8uAyTLsPbW1KpcKq20MloAsWBZIfXOD9q22r74%2F0kz7cmFJ9PpwM9PDQnslmNs8WUjN%2BMO9LOU9UrWhY5SHx51ikuGrzUNqG5cv2KvUVWt2P4msT2u4MzWr1kn5zvZfi%2FF57zqaJb2k2tIlocQOlOQ5sSNMZd7zzIAGsSfATCNjfRf49u8xs%3D&RelayState=https%3A%2F%2F18.198.6.253%2F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: test-fr-cmc-20.easyvista-training.com
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: test-fr-cmc-20.easyvista-training.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'test-fr-cmc-20.easyvista-training.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID test-fr-cmc-20.easyvista-training.com
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:04:12,610 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:04:12,611 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:04:12,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:04:12,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:04:12,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://test-fr-cmc-20.easyvista-training.com/simplesaml/www/module.php/saml/sp/saml2-acs.php/default-sp' nor response location 'null' matched 'https://18.198.6.253/simplesaml/www/module.php/saml/sp/saml2-acs.php/default-sp' 
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:browser-post' not permitted by input criteria
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact' did not match 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:1.0:profiles:artifact-01' not permitted by input criteria
2021-01-16 00:04:12,611 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: No candidate endpoints met criteria
2021-01-16 00:04:12,611 - WARN [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Unable to resolve outbound message endpoint for relying party 'test-fr-cmc-20.easyvista-training.com': EndpointCriterion [type={urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService, Binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST, Location=https://18.198.6.253/simplesaml/www/module.php/saml/sp/saml2-acs.php/default-sp, trusted=false]
2021-01-16 00:04:12,613 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: EndpointResolutionFailed
2021-01-16 00:04:12,613 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - No SAMLBindingContext or binding URI available, error must be handled locally
2021-01-16 00:05:22,200 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1610755521_2922
2021-01-16 00:05:22,200 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:05:22,200 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:05:22,200 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_c8616baccbd3e75e46fe184c6415c654"
    IssueInstant="2021-01-16T00:05:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-01-16 00:05:22,207 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:05:22,207 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-01-16 00:05:22,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:05:22,207 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_c8616baccbd3e75e46fe184c6415c654', issue instant '2021-01-16T00:05:21.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:05:22,208 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:05:22,209 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:05:22,209 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:05:22,209 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:05:22,209 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-01-16 00:05:22,209 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-01-16 00:05:22,210 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:05:22,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:05:22,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:05:22,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:05:22,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:05:22,210 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:05:22,210 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:05:22,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-01-16 00:05:22,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-01-16 00:05:22,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-01-16 00:05:22,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:05:22.214Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:05:22,214 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:05:22,375 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:05:22,375 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:05:22,375 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:05:26,032 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-01-16 00:05:26,032 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-01-16 00:05:26,032 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1291155460::identifier=morty, context=org.apache.velocity.VelocityContext@534058a7]
2021-01-16 00:05:26,033 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1291155460::identifier=morty, context=org.apache.velocity.VelocityContext@534058a7]
2021-01-16 00:05:26,034 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5d5399f6285dea7ac37a3bdb8a3146e83b228d6d47244b402ed8647912e900bd for principal morty
2021-01-16 00:05:26,034 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5d5399f6285dea7ac37a3bdb8a3146e83b228d6d47244b402ed8647912e900bd
2021-01-16 00:05:26,035 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-01-16 00:05:26,036 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6f989b1b'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-01-16 00:05:26,037 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:05:26,198 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-01-16 00:05:26,961 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210116T000526Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1642291526961}'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:05:26,961 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2021-01-16 00:05:26,962 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6f989b1b'
2021-01-16 00:05:26,962 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:05:26,962 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-01-16 00:05:26,962 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-01-16 00:05:26,963 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-01-16 00:05:26,963 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a2f7169a6c664cb1f91f64473bdff9d3
2021-01-16 00:05:26,963 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a2f7169a6c664cb1f91f64473bdff9d3 to Response _e572cba6f3d373ab28f3feec19d2006e
2021-01-16 00:05:26,963 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a2f7169a6c664cb1f91f64473bdff9d3
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-01-16 00:05:26,964 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxns1DB1aEyo+Uzk2WYO67nqA9rGMcy3x+RhdINmiSj1N0IDolnTeID8w0pZp+f0+kTQ7qHdKHhZ+qRNb3IS7x+mjtnN0wx1VdsZAcIc6DgKrp4CWpuahvf2tEt78A4Vn1EKNxCzkrfpNTQ6LkNaVAiVh4pAww0w== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 35.205.41.137
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _c8616baccbd3e75e46fe184c6415c654
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-01-16 00:05:26,964 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a2f7169a6c664cb1f91f64473bdff9d3
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a2f7169a6c664cb1f91f64473bdff9d3 did not already contain Conditions, one was added
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-01-16T00:10:26.962Z, to Assertion _a2f7169a6c664cb1f91f64473bdff9d3
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a2f7169a6c664cb1f91f64473bdff9d3 already contained Conditions, nothing was done
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a2f7169a6c664cb1f91f64473bdff9d3 already contained Conditions, nothing was done
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2021-01-16 00:05:26,965 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a2f7169a6c664cb1f91f64473bdff9d3
2021-01-16 00:05:26,966 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session 5d5399f6285dea7ac37a3bdb8a3146e83b228d6d47244b402ed8647912e900bd
2021-01-16 00:05:26,966 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session 5d5399f6285dea7ac37a3bdb8a3146e83b228d6d47244b402ed8647912e900bd
2021-01-16 00:05:26,966 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-01-16 00:05:26,966 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxns1DB1aEyo+Uzk2WYO67nqA9rGMcy3x+RhdINmiSj1N0IDolnTeID8w0pZp+f0+kTQ7qHdKHhZ+qRNb3IS7x+mjtnN0wx1VdsZAcIc6DgKrp4CWpuahvf2tEt78A4Vn1EKNxCzkrfpNTQ6LkNaVAiVh4pAww0w==
2021-01-16 00:05:26,966 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-01-16 00:05:26,966 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-01-16 00:05:26,967 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-01-16 00:05:26,967 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e572cba6f3d373ab28f3feec19d2006e"
    InResponseTo="_c8616baccbd3e75e46fe184c6415c654"
    IssueInstant="2021-01-16T00:05:26.962Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a2f7169a6c664cb1f91f64473bdff9d3"
        IssueInstant="2021-01-16T00:05:26.962Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxns1DB1aEyo+Uzk2WYO67nqA9rGMcy3x+RhdINmiSj1N0IDolnTeID8w0pZp+f0+kTQ7qHdKHhZ+qRNb3IS7x+mjtnN0wx1VdsZAcIc6DgKrp4CWpuahvf2tEt78A4Vn1EKNxCzkrfpNTQ6LkNaVAiVh4pAww0w==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="35.205.41.137"
                    InResponseTo="_c8616baccbd3e75e46fe184c6415c654"
                    NotOnOrAfter="2021-01-16T00:10:26.964Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-01-16T00:05:26.962Z" NotOnOrAfter="2021-01-16T00:10:26.962Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-01-16T00:05:26.034Z" SessionIndex="_de35c54743eefc74da018bda456a37af">
            <saml2:SubjectLocality Address="35.205.41.137"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-01-16 00:05:26,969 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:05:26,969 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:05:26,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e572cba6f3d373ab28f3feec19d2006e"
2021-01-16 00:05:26,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e572cba6f3d373ab28f3feec19d2006e and Element was [saml2p:Response: null]
2021-01-16 00:05:26,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e572cba6f3d373ab28f3feec19d2006e"
2021-01-16 00:05:26,969 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e572cba6f3d373ab28f3feec19d2006e and Element was [saml2p:Response: null]
2021-01-16 00:05:26,971 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-01-16 00:05:26,971 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2021-01-16 00:05:26,971 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-01-16 00:05:26,971 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1610755521_2922', encoded as 'cookie&#x3a;1610755521_2922'
2021-01-16 00:05:26,973 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_e572cba6f3d373ab28f3feec19d2006e"
    InResponseTo="_c8616baccbd3e75e46fe184c6415c654"
    IssueInstant="2021-01-16T00:05:26.962Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_e572cba6f3d373ab28f3feec19d2006e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>AT+RJUiMPWKKFGiaTUadDxAFNRud0Ts0d1dqgTocjTsArCBqd61tWtwvdau5pQDWSeE6NqOXNi3XAPUQ3txQbA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UaQ4NMrmDI4g5TZFIqZxlSEYzgJh1M6ltqV0ABrehtoALajsu2vjgbNG/x3v7x9TyRw10rN3IPmdIj/w8t316trtGmhfUtTzoKOWZr5/S4p1Z6hG9RIrlRKL4BvSO127gUpi3KRTmqFCxDzvj4MAMiJskBk/9Xy4FKEJyvnwhgRhYCmQlri6o2pjG6q/SCm1WC/n8B/PYHkN+bdktfPOVo5roPg2WnHj8Oqo/w+5d5z1zjYqfFfX0JIXf0NV5PE7Mi8V0niZLpZeEBtaSRiv15k9gb2o43Z0MuH01sgvtXx03znAr0tAZBjgpus/eNY944i7atO9nEQzI3izY5KyGA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c3c14876d11597689c7e5e495679c606"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_15e7896e0d9125e1a95700357a76680d"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ZxL1PHLHWxmAtiH25+DEKRP4IdiNw+DiAgCzNMAoH7Blf//05PLotPk28hvJ/JynCFPmnX8bN300+3lxhlvbVxF1zj5U6qiKbIXxwU0/evSEJ7HM9UvgEy9nxJPV1A06c/+SQWXMA0TataUI7PWJDbBhNf7rTRsE5FQSezIpE/LqRgHNFIMirvrhnHMwUxvXr5CigANywN4zC3EZGdNmSOcwLxyOHX9ExvGpct5C2/+qpPQXJbcTk9HSTorWEc0AhWWX1wyU7B0RC9Bm3zKl3Yq+L1Q64YVhFrMx8tJVek8UpC08VtJVWl7td7NqA5feUmVXxkFVzCRm550Mu+ZE7w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>+MrviViRKJCigAdrp9mNb+w4k3KE5URH70WxAerCqdAOCFZB30XHcnYfUMEz2S5+4cmPG/XuPwdcMEb4KjFxSpyN3sHR45LbqEfzZQQcfKn9xgmgjGIR+YbCaM/DK+FZEY3iyaza9clsvRH+5ztq6yhgOa2V19BNL9aHSEP2I9FU8d4AF80+1OhQICwMj7bwPqPW21rCTwfEF+syt+LDP6Fycn/2DCwI4g/yEaYzRqkOGftLVKci27BSh/XR2qSYHUsNyXVoDCfcTfnD846BFYwJCBMJfOWMl/kRm9fPG2cn3apSRQJ/VcvAshdWDpv5r2oZrDjPKqcH3CtO21CUgmJBDQpgrQKZmvt8oQTpOjL+txM32yQtFVxz4wLrN3+9+67T5x8YDyYORFcDLpAqQDV+VsdPjIGhA4Rjhc9PKz1qtOPUUFpP625JdDAXqknA4fMWJUQqMhgiJKtZ8LDlNy3AL+NZ25Vc80Ebe9nuYTnoyLk/oa63XiXNXBtKcaKctbjK43Zl37kI5xWInPS3E89nG3aMS0cpN3Lnia4i7F5XmUvKfkiSlZab9IvpzFiW5IHfq4iKGTja93nLBmkEQkk6OfZwJ8aUN4NGDD5CL6Gew5rrgnLVVy189t1W1CbtDBRviJjarexvBFPly5RyYC37WuIFUWESkueiM5ZI+wb9zT4TperKudJUVwgeY0WXQwAwdtuitnoVvnDIXF2H/LRJb2jkFFLJsqe+J+6pZ+TjssUymeU88QyQ/Qfuvb58quhlLsLtkM2o/IA/Hm3/hUxLYm4EHwnpngPmX+MB72jbr4mlQD/wyycu3/HjJ4gDjWNioMx5wfcYGXsQFJdeKQ5m2xldl3h0jfrOnycoy7pVFKBe4e1r/ZAwsMES4JX5dAl1N72DUTCBHRzqmWjIeGJAdPCv0GcJgynMbODR3ZVVa2wb8aqPDuLA+al/e/DI9Zgex3cKEGcgD/cke96u6xhtvySe/Rk0v2W8zZ92IGmk8gWPp5ng/koHDmKqg0Gzffv3n6I399U8x/6baHXwQM8D1xc2i+SqzrvwLV9+3B+RGNK/6X+BmVdOwWq9xfR97BXE5qvB1jKSGT5/v5Ew1UBjf8apPCmQYGWIje1seeDVdEBGDS85J5OXex+JvagZ9jv5GalwPsVM/q33NR/oecvvw7tad3fNtCpRDY1MfjJsuweoxZ1KMf/0ABMaeWbACHG5ViTi7mDXpU4Ax9ayBhsfon0p2bHVCk8ZDc7rEEDJNmQBSgOKeWPVlo1HHgjCrXn+2K8roYNHO7Ha+/uc37BkXo/oRFDsAomkE7xKIjRcfHjpBLGW3fIW8WET06VF3xvaJjYq1VFG8ozY/GvmHlF60YDDbl+HTm6CObrFZSiFGxfOBd9bXmPX3rb5bWlcYtNhlP/6PM+Ffp2pLLpe0E7ucg1v79Gy0Q0ztlgc92ndRqiYQZZVW3geI+I3BBeEYP5hhA/ExslXyLQHkpesSi5ql7WPkFj7a4x7unIx2zWhaZLfnHEB5QMmvkkicAgbMn7sbKI/eCd7sT9yzUOFYsEtpIJLSg91DN+SI+h1SXLz42kIbMtirYoNdGMxDYkhW3etWyTplI74bto4FPE3thsOb+0FEbNVI00Aj/+WKOWaslFvfxO6da8XfGfqAmONcha78FevFOJVAtrkJO6BWh2tHvny5nDAQSGrl9m4KfFpgahGg/t65ruoimX1KVOt5c851LnNu6sNfcyYbBQkZfJ6VMKsET2vWC/efH2ouQMddfgWuf1aDKxzO27uUeILbjPPTDil/g9h2IFXrcmmVwGxQHQLSP6/M19CQ/QExiJGcae6CSaJMKLHRifP2sW8ahGMMfgAfuVmd4W5+wBKkDnheXLxQ2q3GUICn+NzJOaofIEInwo45PGsAnj2lR/t7eF5cxwbEzsNPQyQYbww2qGw68BbhCdkSnV2GfDr8vJlwjLU2YPX+76Nwn5gSwbYvFAbK1ei3qTQa/LKkpwnHODQAXVYbKaRX1V42N8M+QWW9na+WeRSgHzA7bvOQZoUq8zi5uXg3y0KGA/8LjsYM0OjvDeKSkwYnxCwgpnzpVorSeFT+7nPsy0dqhCpTw86ldz5i6/ILYNlmRu47rskDaeTnJkaH9Wn37AFYVoxtS4woGTGhPPBej379+8spn7Cs5Z905kWr5kUn0baBta3K79ZOYZcs6JftNM+i9LoUzG1Qhsv/ueQAupioZfE/xf5MJckkJ+Y2fEfD1RHHPkdWXT1HM9s/Xf4fO6xbJNZ9HuFMT56QbPnWLorUwvJwJeyekfpxKvtcrV0l+OHYCEJcal1MC00Q1IOvyKdA8ox2ft2PlSndRxcLj2bFjCTZa3tN3jnM4TpVtMTlu8qW8bjhjMT1NgXFeRo1uFJaAdKS6QURnCZc2z5EIKmE+zqxKA6NB3j+nzvfZwFsrqQoFcDm3/4kDeMOGt/hAW7cvA8DZx+mOPhAtwn1LheygTBkrChXGqjw+4ZJpOtaktSAdPkQHsX+MRqsS6NoTd3d4HymcBFkoZ9yBmJ7fq3q16kByU0eETZLDIWJqAH4wtSREb9PFN0Cyf01tyIgPJDYqIsnOQhM0Sosoryc9o0RFsAu7pE0LORZz2cy1FnmUUDNGYlx32WjxDqG71wjMN+9TgplMgn/8IPKIMD0Hphotw9WmEkCuo15VcQp1t1Ba+vwSZksLXLoXNJQGjGntYydGUWMdKzEm7IRAn4HmJgmzvUn/fOfCnIIEH9H7QiLztbFtgh+j8Lr//QS5gWd5wQ2sRxnEaWF00j5zK65mti7Tq4hK9tehyju6HsK+eyiqKJ83cayhBwCvu/10hWDZcxg09I85WdtXA/mSCuc/E3+PduZ6JfaLymtLEq+cUYHmGAm/lAmnXI1YRkmydsZA/5GzaWe3/phuUbPhugWR9e09OanGSlM+Tmzif24OkkrTugtGDRBfVIX4Z0Js2OIq5GS272kAGJWeNGsp9HwfuaPM6paK2lzgyRie7yseYsxChOyne2u1TKPecA54CFZJHxCfIlUO/GlFUVHcl/XeA7wPK7Tv7za7cN2I8egGPUO8cXpxwTYlPKiPXxavGL/1EfrttRafIBk1XaAehSrU209bOQOMQyhuX1BO3D71uUcomyy+6af70lOeow+PPof0PIwXw6WiHx70D4hx7J9xpiicAEXYAkqCzyPeYWPpdCso0Fs0cbzp7zNoTd+prr0Fm1wMBbjFj8288O43wRlyK2IinBw1b2hQZtEmye2Wlcf9zBshYy0ebfbUndRWL5cPiwih1zxJis90SWXMf+1LuMpVRo5JWlKuzxG7VQE8ggM6Zj/M+RYdPtYp7dSoOOoRZcbFMioZuPVjyxjJKTlwZ4tYDfigqn/8opikjel02kq5auLrQdp1qBh/HSjHNdUPsBZb/2QtI8d0o+zRh042QfhZkJA3tNKOwz0IcPG7kPqaprszQnp0vf/z3+QGNeoPDjQm143pT15ukCnACN05hbjrGoVToXh+sg9nDKMnYGMJPi3UJsq1tw1rV84DoS2v4koV+FTfkzb/mLb6qdcxoFNQYEnZE3MC7KuyG5bAcyVXhNoMPNs7J5RDp7lR9YYR5mQjDfN3rFUkkYuIaeb+juH1b0lieHkVdJacqTmFETeuWKaHKtlP7zhWFCWYSRRJvspqSvE25R0FaOuIVB7tiU9uyJOAmMaNPgGTP0eppD5tnhiNTHmhpxtiTYxFa4rxt9aHIHs4xcV6B5t3NqD8a+Yzc6GMpRLrnU7P7k9a1ETYdoLP45nZmydrWkwtsyc7u8XIwNzTJKxMUTxsuDynJGKvlbVrJV3taw9Gj8Ztmzot9gA3hpiu4D/dc/fVtoWHZ0c8c7tlVN5QP24A+gmrhu/Or5sNOvf6B+rK4MjW2uqdx+y4EgKYGTGaxPmC3sWAQmU2oJbgOyvcceOOPzy22rQTi+SrdGvaPydEanv/lm+pZwB6/j2Ok0+Oe1UH2a/No2z9c/2Pa7bTO7/UG6xhR1JglsDIWN1+XYfhSSlrM3vr1TBviit5mdkowDML9bScQrGtSi/o0U/x4peTsAlq/vmAdVaVZsgofF+983kLl2lGyuDt1hEVt0IsdU+VV0RBUzAwfAyS/1TOmys02fjafKb6rH7RRWT/bFs7LHc7sOBIgJ6NNk9iclv/7yWZSyppFWYMrw1mwUKr2+Mxo1Ga8boci3ur7XfTEzsK6z4FrfV3yM6zzBstlrObzzy5tHklYt8aUL1t6ZjCEAabr6H3bLm3zU19y5vaCJBiFfe52z1HDKHlJQCq5xEvMqvJpGSrPDVA9XsqHP/QIA2CWnhBQvekErLHcFwoLBBz+7H8VhveWwCOm/OoAVTggziz04nApeg4HEibkVKg//btfwCEO+LNFQn1AfnXBVH67joKFoqtem09+m0WdPBFtE5cllKUxUZBtvNFp42D4nlxW9xYwqFUd6r3WS6+HEfSx0h6y8qAACTpKruXJCz/EvFw1nwfun7erPcbkCOtZkUFpQ00d/BXiaYolxvQ1JSoXBdQxtNTXiWLHaDPN9vuMIA6KN29Q/ofN0sPOO06vBd0OvUcxYiKk8U/Mb7Onlulfrvs9RHJQgWNws/tw+yoHFVbrfqPRCI7MnzeP4KC2Z3mIIWR2r4KOo1Uf1FtpgjwxQIC5oUHErZPK7bh12IX8BwA7aGZRD9HAINZb0Pm3M85T47AeTuNKk5dA5McKaSP0PD7IGasCTvD+QOSatQudjpbHJVVGvot8UGHAyYt8qERAWU5f7P7UZ8yCBFiBxpRwqnZSR/t8ZWmPV0f05EL7RcfkKwmk0C6BBqIJpABq8DNK1Ubv0qXryHQedJAhe1u6LegZfVrQHbznbjwpkaKokfukltflf5iRm7W0ERank0j4XMh4lw35Uko6hmHzjarXVjMhNBxB8lK5mFaZjbGD+lV1hETd9oFuAdIDFnw1p52tAhTXDei37dVrrgZJq9AAqco40o2QEpFfwYX388aWqRhngZ3pQA/ZLDG+u6EulgL2Ku64EP+p4Y4W+EtpJScY2JGEfKxYQ1Fs2qOlW3Xhvunev4gnilBIl3dY89IKvHUiHmtdCMwSlg0nSuzjtXcdWpmuli11JXcC65hlC9A6xJrGGtuvVX4fulmDHeGrPz/BzMG/vOgUHOT6RGA==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-01-16 00:05:26,973 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-01-16 00:05:26,973 - INFO [Shibboleth-Audit.SSO:?] - 20210116T000526Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_c8616baccbd3e75e46fe184c6415c654|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e572cba6f3d373ab28f3feec19d2006e|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxns1DB1aEyo+Uzk2WYO67nqA9rGMcy3x+RhdINmiSj1N0IDolnTeID8w0pZp+f0+kTQ7qHdKHhZ+qRNb3IS7x+mjtnN0wx1VdsZAcIc6DgKrp4CWpuahvf2tEt78A4Vn1EKNxCzkrfpNTQ6LkNaVAiVh4pAww0w==|_a2f7169a6c664cb1f91f64473bdff9d3|
2021-01-16 00:07:55,036 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1610755674_f473
2021-01-16 00:07:55,036 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:07:55,036 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:07:55,037 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_1481127516a0548302d1b9b5a9193263"
    IssueInstant="2021-01-16T00:07:54Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services-sandbox.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-01-16 00:07:55,043 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK' from origin source
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:07:55,044 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2021-01-16 00:07:55,044 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:07:55,044 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_1481127516a0548302d1b9b5a9193263', issue instant '2021-01-16T00:07:54.000Z', entityID 'https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services-sandbox.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:07:55,045 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:07:55,046 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-01-16 00:07:55,046 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-01-16 00:07:55,047 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:07:55,047 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:07:55,047 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:07:55,047 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:07:55,047 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:07:55,047 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services-sandbox.sheerid.com/Shibboleth/UK
2021-01-16 00:07:55,047 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:07:55,047 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-01-16 00:07:55,047 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-01-16 00:07:55,047 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-01-16 00:07:55,051 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:07:55,052 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:07:55.052Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:07:55,052 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:07:55,052 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:07:55,052 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:07:55,053 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:07:55,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:07:55,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:07:55,219 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:07:58,820 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2021-01-16 00:07:58,820 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2021-01-16 00:07:58,820 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1970340848::identifier=morty, context=org.apache.velocity.VelocityContext@430dd3e5]
2021-01-16 00:07:58,821 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1970340848::identifier=morty, context=org.apache.velocity.VelocityContext@430dd3e5]
2021-01-16 00:07:58,822 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3edfda203a31388453e291f6fd9cfab92577958d37efa06b1b1a0ceaef3d2d7d for principal morty
2021-01-16 00:07:58,822 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3edfda203a31388453e291f6fd9cfab92577958d37efa06b1b1a0ceaef3d2d7d
2021-01-16 00:07:58,823 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 9 attributes: [eduPersonEntitlement, identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-01-16 00:07:58,824 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26e30f53'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:07:58,825 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2021-01-16 00:07:58,826 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-01-16 00:07:58,826 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:07:58,991 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning OrganizationName from Organization, SheerID, Inc.
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-01-16 00:07:59,768 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210116T000759Z|https://services-sandbox.sheerid.com/Shibboleth/UK|AttributeReleaseConsent|morty|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:_key_idx'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=morty:https://services-sandbox.sheerid.com/Shibboleth/UK, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1642291679768}'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:_key_idx'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'morty:https://services-sandbox.sheerid.com/Shibboleth/UK'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[morty:https://services-sandbox.sheerid.com/Shibboleth/UK]' as '["morty:https://services-sandbox.sheerid.com/Shibboleth/UK"]'
2021-01-16 00:07:59,768 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@26e30f53'
2021-01-16 00:07:59,769 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:07:59,769 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-01-16 00:07:59,781 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-01-16 00:07:59,782 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-01-16 00:07:59,782 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e85dcee319c044bd193106cc87a262a6
2021-01-16 00:07:59,782 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e85dcee319c044bd193106cc87a262a6 to Response _1f2dbbae86d238c054cdb2ecdb9a6804
2021-01-16 00:07:59,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e85dcee319c044bd193106cc87a262a6
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value None of attribute eduPersonEntitlement
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2021-01-16 00:07:59,783 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-01-16 00:07:59,784 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-01-16 00:07:59,784 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxW/dNx4kj+Lh1LmLQJGqkwZQLXnAWaPlxupfgC0/tNlrXG5xeq3wxcK/96lCD4O6q+mU3Vzlgy184otUj/L/VvqcTU7A419XSR+JiEuWih1T+3EVR/7dKTUs/piDtEFlxHTpwvEIGpfPaPbc3UWYvdnGPfj/c5A== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 35.205.41.137
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _1481127516a0548302d1b9b5a9193263
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e85dcee319c044bd193106cc87a262a6
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e85dcee319c044bd193106cc87a262a6 did not already contain Conditions, one was added
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-01-16T00:12:59.769Z, to Assertion _e85dcee319c044bd193106cc87a262a6
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e85dcee319c044bd193106cc87a262a6 already contained Conditions, nothing was done
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e85dcee319c044bd193106cc87a262a6 already contained Conditions, nothing was done
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://services-sandbox.sheerid.com/Shibboleth/UK as an Audience of the AudienceRestriction
2021-01-16 00:07:59,784 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e85dcee319c044bd193106cc87a262a6
2021-01-16 00:07:59,785 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://services-sandbox.sheerid.com/Shibboleth/UK to existing session 3edfda203a31388453e291f6fd9cfab92577958d37efa06b1b1a0ceaef3d2d7d
2021-01-16 00:07:59,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://services-sandbox.sheerid.com/Shibboleth/UK in session 3edfda203a31388453e291f6fd9cfab92577958d37efa06b1b1a0ceaef3d2d7d
2021-01-16 00:07:59,785 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-01-16 00:07:59,785 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://services-sandbox.sheerid.com/Shibboleth/UK and key AAdzZWNyZXQxW/dNx4kj+Lh1LmLQJGqkwZQLXnAWaPlxupfgC0/tNlrXG5xeq3wxcK/96lCD4O6q+mU3Vzlgy184otUj/L/VvqcTU7A419XSR+JiEuWih1T+3EVR/7dKTUs/piDtEFlxHTpwvEIGpfPaPbc3UWYvdnGPfj/c5A==
2021-01-16 00:07:59,785 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-01-16 00:07:59,786 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-01-16 00:07:59,786 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-01-16 00:07:59,786 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_1f2dbbae86d238c054cdb2ecdb9a6804"
    InResponseTo="_1481127516a0548302d1b9b5a9193263"
    IssueInstant="2021-01-16T00:07:59.769Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e85dcee319c044bd193106cc87a262a6"
        IssueInstant="2021-01-16T00:07:59.769Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxW/dNx4kj+Lh1LmLQJGqkwZQLXnAWaPlxupfgC0/tNlrXG5xeq3wxcK/96lCD4O6q+mU3Vzlgy184otUj/L/VvqcTU7A419XSR+JiEuWih1T+3EVR/7dKTUs/piDtEFlxHTpwvEIGpfPaPbc3UWYvdnGPfj/c5A==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="35.205.41.137"
                    InResponseTo="_1481127516a0548302d1b9b5a9193263"
                    NotOnOrAfter="2021-01-16T00:12:59.784Z" Recipient="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-01-16T00:07:59.769Z" NotOnOrAfter="2021-01-16T00:12:59.769Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://services-sandbox.sheerid.com/Shibboleth/UK</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-01-16T00:07:58.822Z" SessionIndex="_42bbafb808eee066790b963919e5ca3d">
            <saml2:SubjectLocality Address="35.205.41.137"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>None</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-01-16 00:07:59,788 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:07:59,788 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST
2021-01-16 00:07:59,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1f2dbbae86d238c054cdb2ecdb9a6804"
2021-01-16 00:07:59,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1f2dbbae86d238c054cdb2ecdb9a6804 and Element was [saml2p:Response: null]
2021-01-16 00:07:59,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1f2dbbae86d238c054cdb2ecdb9a6804"
2021-01-16 00:07:59,788 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1f2dbbae86d238c054cdb2ecdb9a6804 and Element was [saml2p:Response: null]
2021-01-16 00:07:59,790 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-01-16 00:07:59,790 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST' with encoded value 'https&#x3a;&#x2f;&#x2f;services-sandbox.sheerid.com&#x2f;Shibboleth.sso&#x2f;SAML2&#x2f;POST'
2021-01-16 00:07:59,790 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-01-16 00:07:59,791 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'cookie:1610755674_f473', encoded as 'cookie&#x3a;1610755674_f473'
2021-01-16 00:07:59,792 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://services-sandbox.sheerid.com/Shibboleth.sso/SAML2/POST"
    ID="_1f2dbbae86d238c054cdb2ecdb9a6804"
    InResponseTo="_1481127516a0548302d1b9b5a9193263"
    IssueInstant="2021-01-16T00:07:59.769Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_1f2dbbae86d238c054cdb2ecdb9a6804">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>XeDX2r/dLgkJZQjsCKzDHaVuWlJ6E/UE5C0tJgq4d6opst+kq6ZxTKJis3JGfqYYYkPtpqC3NUpXX0HapcSxCA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DS5Yas01LrZVC/KAs/ZpaUeHgQYyLqIPzru0tSMP77wwtgSk8/l2bQWQExgj94rMkigcGRoil8f9HhDj7D5IQcqbDWwjH761y4oxtJMZmRVL37mTh8wvUsN1/zhzvW99fPbrKAX1cPOtiqXD3uhskYoOy0pVmLpvRLVYIOFEj1WhaCJ9+WKc2c1WgTGqy/Pt2PSeDShkKpS7Y3ZG23ac10Er4fA7jl+2wiI/B/8fMPAwg88EfHTIluaXkC6wHStWqwmdXBtZeYN0PXtcXvBqCd/5SKMiefA2Si323UqCUidgeFOtza5c6tG++1dHdJVsrkwyRt3Qk4LkSJyYgam+Ew==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_ce06955ca1e3dd1697f44066b28f8916"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2009/xmlenc11#aes128-gcm" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_822eecdc1be180fc645ee5557749adb7"
                    Recipient="https://services-sandbox.sheerid.com/Shibboleth/UK" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                        <xenc11:MGF
                            Algorithm="http://www.w3.org/2009/xmlenc11#mgf1sha1" xmlns:xenc11="http://www.w3.org/2009/xmlenc11#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDaTCCAlGgAwIBAgIJANNSqhQs7XD0MA0GCSqGSIb3DQEBBQUAMC8xLTArBgNVBAMTJGh0dHBz
Oi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTAeFw0xNjA4MDgxNzA4MTFaFw0yNjA4MDYx
NzA4MTFaMC8xLTArBgNVBAMTJGh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZUxCXQ9C05W39KdufUi1bOJ4VRIbGEqA7c
vy3SXvcADhTb4G5LN3mVC+PcviQFDhTd+oNCqwFOinx/kfQRrumSsIHIcN4h50Mw9xSBK6G9dG/j
A9y6BWKVpN8boOhcAmGdR0CQus0qBzKcJZKUBMLjvah1XNCLbE7At7Z8tl4mmFeYdqpLNedr57TG
xBL5dcP7nGEYsTs0xUSA7yR9bbm0HVYAccJoyCmG3L2vHeAeUa2jRFxSWLqBOYzTLqhE9osHabXI
sYQefmmxCdb6OONW1JwFBGvDSAWQT9IWgoS0AjDBDpxyzCKF6xrFkVQ4zh+yoJVqXLc+czmo7JMl
jokCAwEAAaOBhzCBhDBjBgNVHREEXDBagiRodHRwczovL3NlcnZpY2VzLXNhbmRib3guc2hlZXJp
ZC5jb22GMmh0dHBzOi8vc2VydmljZXMtc2FuZGJveC5zaGVlcmlkLmNvbS9TaGliYm9sZXRoL1VL
MB0GA1UdDgQWBBQXZ3r0gtUr5tZZDwCX8vvufbyOQzANBgkqhkiG9w0BAQUFAAOCAQEAAs80tndG
r5u/k57rCoVuJWqNCBQtzqExuoMTtAICMHvmNCsBioy333vTgJrCm3z6dnlR8BEiyFsD43lOw15M
OnLqK/+QkuKis+8MruMJD2x+cZQgBcXbzHhebdtjMYAd1tGVmHyp6EoQ3+C8xnNORotJmJM3Wp+D
oztlycBFLrZXZW+VBhBEcZnF9wLXCYH4bYegJkk8ClMmlgUu7G9Vlextabe4xNOSBTV8j/CMnmEU
GpQ8vUAotwUO3TkcPEd9dAmzW7Ah4RvMHtLwPUdkNLk4/9zZPSnHdWFlnecZ56ESPTX8mN29Rotb
q3/LSmAnyGz1Q6LEVrHgUn3ud+34yw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>JfsgdUE2w6Wrx/m2OegmqJnb2K5ycvT2MmQOATIs/LzmUya5JgWhMbW6N5PsHwY1RFenogDdEa5BeYaAro0r2SgrMRSONj/rzcJuy/Hjfx+QseKZm3R08ah7+6ksrJDdPFypLXjbMVnwMjnBAH2Hpuq0H/FsevdBx3C53JnFhYwDNDIM3YznReUa5n9aCQxjwAg1BVsdy06LN9pBCMVAnC8tXFLIXZn1gzZ8mx20mzUiMoETldFePL6RzKnwadiXRYAgitBIXzQQtQBAovO5DiFPpm5sFfijJECZ3pRwbgZOHgg+nHhRU6lTK/uHCJH3Y/HHbUeHyBTkR0VkYNNOjg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>2MGb0ra3pe5BFgcAaC4mt0GeSStfoAH+/g4yXHCmK7CcKlwH8gyHwzrvCVpb36G8eLsN9MgU9eG4RgYPetsBe3fFkHDudPt0thdoCiouB1t9wXEEuUSU5T0FTHjTbDLcMjreyZK67KQm1g4yMy6sll8gIjw29Rjn7ylFvkTaXoIroC778yEmQ0AjabC1vFGGKzt4qAE1JGubTA8bgx8w1asnLis6CDPCIzCNmggaSFVwzV/Jn9pdv9DhG8lcuI56nYt319gsHzM52HigMMpHxFAKFkPe9VbfbH6hReX1Zl54caXNQi+C/k8jy8fqUcbWWd1XHSpxfR12c0icDr21RoLGwpUT99PWhORoZLCjoZkpUWuL53xOtuK88s1ZFUEd10qXaKftjQ9yGNvgqQawKJp7BBnzNIVxikwkHzUvMb84pyODtY8qca+3IBsFqogjyMbzT1W28rRDwgd6a8NDWG12oLura8k1rYu5N5cnX0YndwcCR8dozoi/yq3lyFUZXDWjf8goVAQf1LyjtaP1BZ2z4JVkPmQRBNFoqzmGYWfP1bRdlqdyQcepM7z6bZqDKugLNOr5b5+a5eToXwtOzSKbIYfmjKd1Ix13o+FD89uKUSzsoXGsx5GR95R/OIVMoaQiLSRBqEVDCqg8VncojRepRId7e1e8c7cBQ3oXG5IENqTErO5Wz6FOo706wStmKqQWTLEefGRNTCXsa2VO9x3isN1tjz9mMzIR8a/w+e0WGvgux2awoeTg/n4i4XaDsENrMg28T4cruxMzfUz6xT7Gj71X/NI/+lROCk2FHMAWb54oxy8sNQGk9BuxZu8O+UQH+QO9BytYbQVRKpIEgwDwwl0zhNWDUoU4Qr5Ba3OYIIRECDh0D8WKfjaDQiF9FIitlPWQdWd+GhTCNi/CJ+djJIWMKaZ5WgcujdJ2YiAXc7k30kMQXXW/Tf4ogkfOcM2VVa+DPc7TKgDNUvNJbUpDDepFf0V7ngNCX5hrFeqNkQcKQ4iq8Q2p9PqNvWx/wkRcvRZg2q3rvdQswdWJcdtSjnclWubgV/mLQ2QTD6/CMGPRyYG0EvodKAUVEKlO8BQ3fyoDHF0CqebnWOVtB007Gp+coMO2es8GW+ies1TtvhGW01reaA5N0vrJdqTx29hsj6Ks5XAm4mU5JlovEJOJl7gwEjPwG/miPkPrEZtc7hgWCznr8B/WoXN5IQlv3v2fXCHV0SG5t8bOWct0n+GgrfnC8PN3smdgM+IEFh1aufBMHbH5UO3kGqFwLp/lgbCNIOheLu/XPSRE1L1/6+qdPF0T+8EcATnut8xCSHhLlODFIGqgUdW+BcmP/mKj5JsRbIxQcdli927r+OhtxPAvHacF2WEJU29yKKpFeid2DM2jW56CFfmsvWMU4wQ2aDesAcBgq2oPRvg3mPdigV085OoMqcgzv5Ex4Ea4q6KkIQXWztR2FlX0wSxDl+KRs0yIFJnpfWJ1RDfXlUOuwIBQnEOuCKCcVWrFCKsDq4KqIqGDMDZQIZsYyrkD6XwT6ClYB+2t54JyN05C2VX3v8uSC+0UK4BV5cKvHidAxig81xJ+nS75iORKkenOMd18iiqajMpPUWyEeUgGEI+6oSC/tPTXxeWiq5Q9j94HZQiPMCI9tcgf76R+cKS/ovyaKNME2BIDHZwFvOh0QJSjJQZDr0tL4iKDdclOc0z7sE8JaCiiJ5UgPmvraRyvw3O1hliZBroSbhF/OZnQtuFnFiFikhMAWa5k/0ik07K0SGfY+6pomW8/pZ46NX3jhAAIBb9DZnyprvZuyVUMwjidAxviBvi4ENqCVWy963KgBL/ttDXu2ngG23+bbJntCI5VSZ3qsxsltLK1KpTwvRlvGK7AOP0FH2sIy5RGtXfOxe2WZ7sMUCtDu9ma0myL6sDaSxGLroxv31DbUoawEVchFfUJmULNmPkqE50aNrRAm1jNiRHYzczQy61VfK5WPkS5Vfn7xF5iNN+Jtkk+zIb4fzpF8qC1np0qNpU/mlbMpIfnpgMF6rKgGemIsvu9dIZvgremFrfneA5AQlEWZT7hKOb3leH1bs3/DvsNWRlMrCb/UlfXnnZ+LfyfJU3k98hADzpBoUWqRHewCCEhUMoexWEceDA93ypN5MnPeD0waIj99kAq6xMPadNpcXhvEWHyNZlOxI6WldOm7qAV1DxBMXFK64be3PKo8Juu3Gqob7cZCC+SZhHyQ2N/TMhN8iKilLKaXJRbj8GrganyOPkHyELMHFaur06swSR0T8g3Kb5Pm1vOduCdWBmzbwA0JNkt7tup7rzqPwSPe1AvdIL7R1716gvgO9G/ks92altdVRgcoGY2FT47Ds9STcbX838fsiGCcTs+lCPvCFPUWa5epoiTnUOfLjn0kbZfw/6qDHU1JFOo6LdVQ+n5gEeBrYc+bsTWOEFd+nCbkJD6LgtQlhTbX9ZgewLxhi2//gmPwLCxz3/e6b7DGBS3yS6xED9y49P2Fm9LGzFPPy+m8jtGjZ7yFgEF/fP9I+/VTmUVWEzkTPGiZNCFf50bhPdjunY+24jVoHbc8NweEbVxydEt7ZaQf8tzD6HKMCW8xrefQK++iYmeCbO9W5/Y9v5e4L6yRqHak+fwGoi3krL8v6znhJTLgs4O2nCMhPaEZBRL5LEBqH2Cy4xs0AZBz9GlyCcyK5dAxDMAAyGnlxcZ7n8uuE1ZkzApv21I9v5uB8NPw4OZTP9/w0gGKx4vvJCCn0J9Wp3PM2E1NUd6OepV0tHGpumerPfiiLQu3LWypSXQN4gsh4bswtHFg8gjCM15RuTgi9JkUfJML2iBnnedYkOCTqGHjAjAGk0tquvzkPd0O4Yg1jQlytteLCgVCkMEgXeoR+UIrI/rFgL4pEOV1bnOjPEbwUHfA8vOjYjacHpQq4UfpdT194XxmMMgASmIa7IYQIFWE2PkU74Nf6M1a86UxP7gR6T1Y5bQtw273SoZYQMAEnUuP2VFwUwirsQzah6CMPGK50HMIttBDBJbuMbHeRUwZ2zguu7E52EkmzC/DQ/WbmgOUmlEg+aeCb4z4UA2NM45dD/ZAGmvOT/Cra8iyDD0sIccyg8Z+0v0GIu6C6ebY0Wv+/FkKRCVPYF9JnCQSaPjohcGDsKus2opT/BEd8K0apFhsdWl5oZV1lgFx4ZR3gD+LRlDC60XLQUcKbryhlt+jt0CEuZMYwmraG/Poqq6APN+OpmKMgcZ8NDomVhatqut47upLM9UpdU3BJrzzewXFR7t593GXPBJZ62YyV2KUrCijGAO4d4WT4D39gba5BlYMsXo9n2LWw/XXf1hdECd69h1Yd2WazHcV9/wGnHnk/Ne7B83ickMs3y3k8Sa5Y2Iop533OkbG0Uznukaa6gWXI7Pp6ndKHRFPqMrcZIzY3pRXIjr9mF7td0m5V8rhXJfWf93EvxB+9sYwoMvXfraJtpJ0YYUp2gGBiX/M1FuyceD/FJm9VXpKXKb118iGHJA0YMbY4RwZwqaacFllkSaO9iwzNZISVE6D+c5NKodiNO7btYDutr4uD2BM4e0BubOplsvCaGqlqrA0tK1E193kolDuqZjibc2I+iBUmWoSYHs+APYF3UfWpr5xwCftrwupQ00CcqQDmkEHvqQ+QtL/P2BKZgJPW8PgJXoEUaLQSmKQ7Xr/cddHV2S7Oim7ppC/0WEXuDw+ZOtEnOfGhva+lULpYkh9UtL407FwsBXGMS5ddcf/f7J6icSCPfca11nX4oDbFIZKRElw+Jtwjz6ohOjhg3D2BIyyekuSe1TKthJ0BSQEgO0Yd1g4Qj9//8HTn8CR+oZqPazjSJ/W2fpbp3HE+NuMvdQBArGw2WwUZHQBj3lNGi7zR2y9BO2weh3kV8hSvJRwuiE1Bt5l89G+eUd4LPhLu+jT6G412laZJ5/RaLZRKL63xm+xjcVXW7GT3C+IhMvy6AoDVmxzaXFVk3EODYGsIZ8JilLc/372MFB8CcITIgPjDr9eAwoHP9/30x453Cx8PsSPX1r7UKCh1ldVY2yd8z1W6qXSBdxFcCysnEDaxSE0OOXa06abEx3eiK1b+EDVygCvGyBUS2La619MVLPDVQV0MeYhFnIlS9sXwbL02d/uzHqXEKmXOvp0ABj2TBRNpR1g0HHT/3ekd4b0LD2iBvr9UVsDx6nxXMYlA7xNXR5WcgM+HvhOrc05k5FI/rMu57r/Jr1LnhjwpQd+JOWH1fy6OdshmewQsKltSpdOepTyziC6X3GhxKXmYAu+kzS7oX9g1Ja2eCpKI7kqxdNUbG3aTCSP8w+iuUex1FWQ1O/u8GV8yC/oyae0uYERTC6ucB8WwUzyEioRsml7enQWPyRYAkTtjJbEUXzLHMl53fM20xZoBlCo5bXbSr9aWlMmglFjzCpoUSgRYPg3MXO4jJ18b2hhRB+3PYLXDnTkZyZ6RTH7kOA8wh7ULeCCGgLvyJOflRBz5WQ10HBD6xQl6OdxoNVD4W4mSmWbFu3Yn3G58tzKlrnOThN6DU6Zctn7iGEQ6v0GsDctOWMJp9f9Vw6ngCbLY7zbSLBzxCbPOCG+awcreaeo2+7Edt8qcjSxZJcNGm2pou67fHU+FfiiDxHmDVqjiFgz0cuy+w03o6KPajALlGCVGiSaFE4ZAjlmDAOndFspmlEKsFDVx6IDPc0KJFoeTzU349PRxBGXdps+lhbQBmynjK9SCSrLfzd47NHnUw6CHmp7Dj1rv01krsXpA8igVXZO9dOhCSZUfeZy2IQKww7P6S20uZdufxPEHI51DMLgY0u2j41yIWiB7fzFMKT03BfpDH+umtddgjL5lTeRkX+QPJVda7kUrVop1q/YmAS38WLoG2TRVHLnX6h0VWiD8UEQBPihj1syqsfwUJVLZlolpZst35xqiP0YL7Kfh9iNfp/KGIqv2xPF+Hq/zIS7razK5sDU4jvtuiRIPLgQ9ENg/VnBF48RqjW0m1UTKs7f4jYHjjNN5jKhldY9X6fFwNHTaVGnsgGCl1nncS5JSn9svQYaP/YoisbsoDZ2jTS6YofWuxzCJv47QRZ0Xz4sihkAgpwbLnw0JMsFGpkWGRods8xA1M8jg5/S8eNhb9uUg2fwQQT+IqjSghUDCZ9mAjdY4LGZIYjXNuPbBPm05bn9kqg7vbEGUNre2RpuEC7Jg==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-01-16 00:07:59,792 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-01-16 00:07:59,793 - INFO [Shibboleth-Audit.SSO:?] - 20210116T000759Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_1481127516a0548302d1b9b5a9193263|https://services-sandbox.sheerid.com/Shibboleth/UK|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_1f2dbbae86d238c054cdb2ecdb9a6804|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|AAdzZWNyZXQxW/dNx4kj+Lh1LmLQJGqkwZQLXnAWaPlxupfgC0/tNlrXG5xeq3wxcK/96lCD4O6q+mU3Vzlgy184otUj/L/VvqcTU7A419XSR+JiEuWih1T+3EVR/7dKTUs/piDtEFlxHTpwvEIGpfPaPbc3UWYvdnGPfj/c5A==|_e85dcee319c044bd193106cc87a262a6|
2021-01-16 00:08:22,253 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: ss:mem:bc579e8b3a7224e159418ded6cd25d617a1a5591e0cc2b8ed454ab724d002781
2021-01-16 00:08:22,253 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-01-16 00:08:22,253 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-01-16 00:08:22,253 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://test.seafile.top/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_76c5744fe44980bdfd781160ef72fec0"
    IssueInstant="2021-01-16T00:08:21Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://test.seafile.top/sso</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2021-01-16 00:08:22,259 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://test.seafile.top/sso' from origin source
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-01-16 00:08:22,259 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-01-16 00:08:22,259 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://test.seafile.top/sso
2021-01-16 00:08:22,260 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_76c5744fe44980bdfd781160ef72fec0', issue instant '2021-01-16T00:08:21.000Z', entityID 'https://test.seafile.top/sso'
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://test.seafile.top/sso' does not require AuthnRequests to be signed
2021-01-16 00:08:22,260 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-01-16 00:08:22,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-01-16 00:08:22,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-01-16 00:08:22,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-01-16 00:08:22,261 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-01-16 00:08:22,261 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://test.seafile.top/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-01-16 00:08:22,261 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-01-16 00:08:22,262 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-01-16 00:08:22,262 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-01-16 00:08:22,262 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-01-16 00:08:22,262 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://test.seafile.top/sso
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2021-01-16 00:08:22,262 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2021-01-16 00:08:22,262 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-01-16 00:08:22,266 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-01-16 00:08:22,267 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-01-16T00:08:22.267Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-01-16 00:08:22,267 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-01-16 00:08:22,267 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-01-16 00:08:22,267 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-01-16 00:08:22,268 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-01-16 00:08:22,445 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'test.seafile.top'
2021-01-16 00:08:22,445 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-01-16 00:08:22,445 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null