2020-02-28 15:00:52,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2020-02-28 15:00:52,887 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-02-28 15:00:52,888 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-02-28 15:00:52,888 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8000/saml/wkWYHJwehFeBFfTC5"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_236e4e03-18b0-4a57-bf5e-a9b61452d080"
    IssueInstant="2020-02-28T15:00:52.158Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>http://localhost:8000/saml/wkWYHJwehFeBFfTC5</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="false" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-02-28 15:00:52,896 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8000/saml/wkWYHJwehFeBFfTC5' from origin source
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:00:52,896 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:00:52,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8000/saml/wkWYHJwehFeBFfTC5
2020-02-28 15:00:52,897 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_236e4e03-18b0-4a57-bf5e-a9b61452d080', issue instant '2020-02-28T15:00:52.158Z', entityID 'http://localhost:8000/saml/wkWYHJwehFeBFfTC5'
2020-02-28 15:00:52,897 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8000/saml/wkWYHJwehFeBFfTC5' does not require AuthnRequests to be signed
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:00:52,898 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8000/saml/wkWYHJwehFeBFfTC5 using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:00:52,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:00:52,900 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:00:52,901 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:00:52,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:00:52,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:00:52,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:00:52,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:00:52,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8000/saml/wkWYHJwehFeBFfTC5
2020-02-28 15:00:52,901 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:00:52,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:00:52,901 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:00:52,901 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:00:52,905 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:00:52,906 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:00:52.906Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:00:52,906 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:00:52,907 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:00:53,102 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2020-02-28 15:00:53,102 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:00:53,102 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:02,716 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-02-28 15:01:02,716 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:01:02,716 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:01:02,717 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8080/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="a10a7hibi70604962h8igiecfd21f71"
    IsPassive="false" IssueInstant="2020-02-28T15:01:02.171Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://hmcts-java.dev.kinlycloud.net/saml/metadata</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#a10a7hibi70604962h8igiecfd21f71">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>MX3L7OCCDHML8/VCuU/yNX/gdNE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>S+6lxFZvqFYPW+NQx5pulP3bDc1JDrxuBu+z3WvQ/us2IMHkIVwd7BKAIcFLLe7G80ouunS7ApmgRrOiAxK0FQjB/L4gwVX8zTIyXImZf5J+a9vNZEJ9IS+m1fSSMEudFr8ElBuRQ5M9A20LojCd6iKeobRf+/vSkcbpgZ2pWc/C9mG+TkPApBnCpzMGbPxX478M1VCm2ZF6lKOpu1DYlL+UEQVGlmnr+ALlR2gHg2BuGogHVSDULBwL71uMh+zvxzmTfqqRXNfkCvWAH1aqarluUYc0B80NdoujpYpClsW0RpS30qlQiPe5/FrkbieiIhSOL4U7E4RdgcK3Z834lw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:01:02,721 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://hmcts-java.dev.kinlycloud.net/saml/metadata' from origin source
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:01:02,722 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:01:02,722 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:01:02,722 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'a10a7hibi70604962h8igiecfd21f71', issue instant '2020-02-28T15:01:02.171Z', entityID 'https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://hmcts-java.dev.kinlycloud.net/saml/metadata, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://hmcts-java.dev.kinlycloud.net/saml/metadata' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:02,723 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a10a7hibi70604962h8igiecfd21f71"
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a10a7hibi70604962h8igiecfd21f71 and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#a10a7hibi70604962h8igiecfd21f71"
2020-02-28 15:01:02,723 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID a10a7hibi70604962h8igiecfd21f71 and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:02,724 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#a10a7hibi70604962h8igiecfd21f71"
2020-02-28 15:01:02,724 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:01:02,724 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:02,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:01:02,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:01:02,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:01:02,724 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:01:02,724 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8080/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:02,725 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:02,725 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:01:02,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:01:02,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:01:02.729Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:01:02,729 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID a53e5d755c3f761993aec0a9d6c28c1929cb00a1cafacbf25a3bbc98e1d7bcec
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session a53e5d755c3f761993aec0a9d6c28c1929cb00a1cafacbf25a3bbc98e1d7bcec to 2020-02-28T16:01:02.730Z
2020-02-28 15:01:02,730 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.46.7 but session a53e5d755c3f761993aec0a9d6c28c1929cb00a1cafacbf25a3bbc98e1d7bcec already bound to 172.31.28.90
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:01:02,730 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:01:02,731 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:01:02,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hmcts-java.dev.kinlycloud.net'
2020-02-28 15:01:02,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:02,932 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:07,658 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'morty'
2020-02-28 15:01:07,659 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user morty
2020-02-28 15:01:07,659 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@722479277::identifier=morty, context=org.apache.velocity.VelocityContext@489f47e6]
2020-02-28 15:01:07,666 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=morty,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@722479277::identifier=morty, context=org.apache.velocity.VelocityContext@489f47e6]
2020-02-28 15:01:07,667 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'morty' succeeded
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'morty'
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'morty'
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal morty
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 552409755547db18b7383083008e0b51e048207f264b0553062a0ca25c19d030 for principal morty
2020-02-28 15:01:07,667 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 552409755547db18b7383083008e0b51e048207f264b0553062a0ca25c19d030
2020-02-28 15:01:07,668 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=morty)
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [identifier, uid, telephoneNumber, role, mail, surname, displayName, givenName]
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:01:07,669 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2ca68c89'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'morty:http://localhost:8000/saml/wkWYHJwehFeBFfTC5'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty:http://localhost:8000/saml/wkWYHJwehFeBFfTC5'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty:http://localhost:8000/saml/wkWYHJwehFeBFfTC5'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'morty'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'morty'
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:01:07,670 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:07,865 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:01:17,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15521-guSzarOp9WNgq0XZ8oqZ1BV6HICqWd3W
2020-02-28 15:01:17,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:01:17,186 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:01:17,186 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
    IsPassive="false" IssueInstant="2020-02-28T15:01:16.373Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>dLS7j2SvuY98f5Kk7CMY+Q7Jbs4OdHNlTHYVrRrobeE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
qvr33x5EeWOp3UbMbhuSknziofjFx/6QeJ4KmhfaeClWVRJG3MsyFeKvP0nt5kl/nr4aS/WDSsvg
3Ktl0M9OruMT8OEvdGFkbYp+EiexasCvLk1fdQoBcEjh5qE9dPHanQbqXXjnztrjEhaE+b9bzJhc
cG1OGIhJODBlh83rj7RlI5+G9LokJM4Zgtzokvlm0BCu02Pu/OSIh1ArklYvtc1XpGrQ3smLjEhq
N7iR1ZyRutt/Rdo+LJGeTenT35NBwgU8r5GUkZyHpFAoOzTV9Zvnf1lMVcESwNS6Khv4oxDCALLV
XrTehGj+B0260R5XOsWG3wCDwFijI5Mj0liRsg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:01:17,191 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:01:17,191 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:01:17,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:17,192 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:01:17,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:17,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:17,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:01:17,192 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl', issue instant '2020-02-28T15:01:16.373Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
2020-02-28 15:01:17,193 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:01:17,193 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:01:17,194 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:01:17,194 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:01:17,194 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:01:17,194 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:01:17,194 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:17,194 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:01:17,195 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:17,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:01:17,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:01:17,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:01:17,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:01:17,195 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:17,195 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:17,195 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:17,195 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:17,195 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:01:17,199 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:01:17,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:01:17.200Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:01:17,200 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:01:17,200 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:01:17,200 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:01:17,201 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:01:17,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:01:17,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:17,374 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:17,617 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: yIvL73GskW_UX01Llf6pthUA21GifMGH6UX_tYWqop276_SXLKyhg1ny
2020-02-28 15:01:17,617 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-02-28 15:01:17,624 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-02-28 15:01:17,624 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8913/saml/acs"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-34a0cd0a8452e47f5075da529611e32787d35949"
    IssueInstant="2020-02-28T15:01:17.468Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://localhost:8913/saml/metadata</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</samlp:AuthnRequest>

2020-02-28 15:01:17,625 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost:8913/saml/metadata' from origin source
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:01:17,625 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:01:17,625 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost:8913/saml/metadata
2020-02-28 15:01:17,626 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:01:17,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:01:17,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:01:17,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:01:17,626 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-34a0cd0a8452e47f5075da529611e32787d35949', issue instant '2020-02-28T15:01:17.468Z', entityID 'http://localhost:8913/saml/metadata'
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost:8913/saml/metadata' does not require AuthnRequests to be signed
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:01:17,627 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:01:17,627 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,627 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8913/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost:8913/saml/metadata
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2020-02-28 15:01:17,628 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
2020-02-28 15:01:17,628 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:01:17,629 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:01:17,630 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:01:17.630Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:01:17,630 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:01:17,630 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:01:17,630 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 17e439635597c416fd3d005c4c028e51587687755ff0bbbad4615d445f974018
2020-02-28 15:01:17,630 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 17e439635597c416fd3d005c4c028e51587687755ff0bbbad4615d445f974018 to 2020-02-28T16:01:17.630Z
2020-02-28 15:01:17,630 - WARN [net.shibboleth.idp.session.AbstractIdPSession:?] - Client address is 172.31.46.7 but session 17e439635597c416fd3d005c4c028e51587687755ff0bbbad4615d445f974018 already bound to 172.31.28.90
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:01:17,631 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:01:17,897 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2020-02-28 15:01:17,897 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:17,897 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:19,533 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:01:19,534 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:01:19,534 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1360148498::identifier=rick, context=org.apache.velocity.VelocityContext@7523d39d]
2020-02-28 15:01:19,561 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1360148498::identifier=rick, context=org.apache.velocity.VelocityContext@7523d39d]
2020-02-28 15:01:19,577 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:01:19,577 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:01:19,577 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 731c391d9d529b8adc57094ddb41746844c57ed5f6f4621b239878bffbe1cded for principal rick
2020-02-28 15:01:19,578 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 731c391d9d529b8adc57094ddb41746844c57ed5f6f4621b239878bffbe1cded
2020-02-28 15:01:19,579 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:01:19,580 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5141032f'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:01:19,581 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:01:19,582 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:19,752 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:01:20,320 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:01:20,320 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:01:20,321 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150120Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438080321}'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5141032f'
2020-02-28 15:01:20,321 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:20,322 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:01:20,322 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:01:20,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:01:20,323 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _688669f7e4c2e254e03ba308665b3119
2020-02-28 15:01:20,323 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _688669f7e4c2e254e03ba308665b3119 to Response _55a51950833cafb7c9e2983cff8f34be
2020-02-28 15:01:20,323 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _688669f7e4c2e254e03ba308665b3119
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:01:20,324 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:01:20,325 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:01:20,325 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:01:20,325 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxNm1vX/yts/zCj96ftopn91ru5JHfe809OAQUE6yETMoTk+g7RB35plPwiXS8WW3T05DwX6VpLwz6JOcbNR5BY7wu6JFO9G9NrOgbMWa2F0zlb5w4b3DEgVQgPpVB7Skr43hFcwwxS0JTY5W0ZLu2OZ7kHERHqsg= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _688669f7e4c2e254e03ba308665b3119
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _688669f7e4c2e254e03ba308665b3119 did not already contain Conditions, one was added
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:06:20.322Z, to Assertion _688669f7e4c2e254e03ba308665b3119
2020-02-28 15:01:20,325 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _688669f7e4c2e254e03ba308665b3119 already contained Conditions, nothing was done
2020-02-28 15:01:20,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:01:20,326 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _688669f7e4c2e254e03ba308665b3119 already contained Conditions, nothing was done
2020-02-28 15:01:20,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:01:20,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:01:20,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _688669f7e4c2e254e03ba308665b3119
2020-02-28 15:01:20,326 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 731c391d9d529b8adc57094ddb41746844c57ed5f6f4621b239878bffbe1cded
2020-02-28 15:01:20,326 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 731c391d9d529b8adc57094ddb41746844c57ed5f6f4621b239878bffbe1cded
2020-02-28 15:01:20,326 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:01:20,327 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxNm1vX/yts/zCj96ftopn91ru5JHfe809OAQUE6yETMoTk+g7RB35plPwiXS8WW3T05DwX6VpLwz6JOcbNR5BY7wu6JFO9G9NrOgbMWa2F0zlb5w4b3DEgVQgPpVB7Skr43hFcwwxS0JTY5W0ZLu2OZ7kHERHqsg=
2020-02-28 15:01:20,327 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:01:20,327 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:01:20,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_688669f7e4c2e254e03ba308665b3119"
2020-02-28 15:01:20,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _688669f7e4c2e254e03ba308665b3119 and Element was [saml2:Assertion: null]
2020-02-28 15:01:20,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_688669f7e4c2e254e03ba308665b3119"
2020-02-28 15:01:20,327 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _688669f7e4c2e254e03ba308665b3119 and Element was [saml2:Assertion: null]
2020-02-28 15:01:20,330 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_55a51950833cafb7c9e2983cff8f34be"
    InResponseTo="_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
    IssueInstant="2020-02-28T15:01:20.322Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_688669f7e4c2e254e03ba308665b3119"
        IssueInstant="2020-02-28T15:01:20.322Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_688669f7e4c2e254e03ba308665b3119">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>bnbBFZ8hcpa5lNxyL1mzrrhH7qIuiEv0i/KRA7xiVBhQCL71kPm3tGlnKjIgFv5aY6+Ok3cvMx89LVZvsZ9r7Q==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>kbUEhBxVMWuJdQugX0dI8rN0rXJcU3nxutWr8LHtcMTblmPmY8gBZ8Jd60OJ30neWkA33ZW46GUVH8oc+8JzzePFE7chzYplVuktjcldM56hi5llZz9ffH2Ls5M4uc5yhbN5Y/pFBM/d4TaQ5iKcyoJhhE9YB9ncnPM7y1fdyDVqOW+6rl6mS7md59t4fo6jFvBOTRlihSAid5+QXF8u3/nwLHunbKtAbdFPu8HHzRMAK+DfvXVMYPs3HguRPa6RpHsO5TgwNB5jdOn2KsydzIt1fl+PAHiAIW/E50MVluE619WauCz+NF8TnnIzjDUCKv8DELejSJIqSITaTKCLcQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxNm1vX/yts/zCj96ftopn91ru5JHfe809OAQUE6yETMoTk+g7RB35plPwiXS8WW3T05DwX6VpLwz6JOcbNR5BY7wu6JFO9G9NrOgbMWa2F0zlb5w4b3DEgVQgPpVB7Skr43hFcwwxS0JTY5W0ZLu2OZ7kHERHqsg=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
                    NotOnOrAfter="2020-02-28T15:06:20.325Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:01:20.322Z" NotOnOrAfter="2020-02-28T15:06:20.322Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:01:19.577Z" SessionIndex="_80a858b74f9081636d1e7488701e2226">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:01:20,331 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:20,331 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:20,331 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_55a51950833cafb7c9e2983cff8f34be"
2020-02-28 15:01:20,331 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _55a51950833cafb7c9e2983cff8f34be and Element was [saml2p:Response: null]
2020-02-28 15:01:20,331 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_55a51950833cafb7c9e2983cff8f34be"
2020-02-28 15:01:20,331 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _55a51950833cafb7c9e2983cff8f34be and Element was [saml2p:Response: null]
2020-02-28 15:01:20,333 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:01:20,333 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:01:20,333 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:01:20,334 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15521-guSzarOp9WNgq0XZ8oqZ1BV6HICqWd3W', encoded as 'TST-15521-guSzarOp9WNgq0XZ8oqZ1BV6HICqWd3W'
2020-02-28 15:01:20,335 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_55a51950833cafb7c9e2983cff8f34be"
    InResponseTo="_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl"
    IssueInstant="2020-02-28T15:01:20.322Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_55a51950833cafb7c9e2983cff8f34be">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>QOnU92nF0dQhJxZ3bBc49aQ5vuADTvmuidhONCWDliHkmsjiaO2eKLD0mnY1QlAtOuEysMWG/7xYbLZ2hOF6RA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>LNsjknOtrj5GnrYtp4RZ8RhAtks9/BTyC1P7Cs0Tu5D3QOmrYeDsqI9WZAKd8OnUW0s7w43YQeLrbfvxO/KQz1l7r6h4+Fq8s36b7vIBbvnrmCeyIWycR75F+8ewGC/+gFwncnfyz/CtDCLIzpIkenJgLwwvy4Z8ruY7Ifp91e7WFAR611bLEduYyqywpbcF03EH/n1i0PNXRLpisLJbsvCTFuJMzvj/xHPAUmstymdJhv1G3Hk3kjIy7gRI8McwiRN2iB3yWXtGqkg/rBbjiNJbY93EGmmzqBohrCaVsXTfqIqAEoDHGrDmVn6KAfJacFOeT3yG6xADnnKpOh/HOQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_484d0613fde62ab4c5d71454c51b5219"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_bcf890d4ac7d7638916979bd928eeb92"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>bSIifSjD7WshLQYKc1kwKDJkDjNrw81mKU640yNLUifJsRFzBn0+LWkbc2tVEVx6O1d78qv2oPCY4f7Cp94dnRD+akq9PzdBwkStCMhFO99EtIMdCrqjLLpCQgoDQU0evGBfpej+FMNXgeLaEpmkrWu6l0fAtC5w3pqrpkmH8KvyRfpNf8v9W2+e7cKI8vkT0jGRaOHf6W0BUldY6xtxBnjcxD3oEx3Zcu12Ca3x4EnmmjQ1SsmcC8duxl9K+pGt5AuRQ1jfRxGMDRW4GKfJkWhJUv3rIrHfU8aF8+gf55sOfvZuKusr2sCeUiD9tUFM4/w6L/ddA/6/8kAVBQyNbg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>4liETQA3wpq4hBo/if8fecPA6WDydUUa945Zt56ELRsphwM71bAs+MOCIAS/hrYdv2xrPkGpSzjuyK0zCa/HnQK/YS+Mu8mg+59a73MMwz0MMWIur4DHx4nFO13PCg/XpNlf8pQU3+Dl8yf0odnj7T/FYTWxqdJU6XjCFj4XCuOXH3CXDbfusHsPohqS6swEBxuzXDGLQvh+Z6mGrEUSOfACGHdZOa5KZ/zLHWMo9uar9ncdhbVx/U0JCM/M2BX2nFL/ojw6LMFZ2Vo5J9whB1WjglgnISBByWmLenHj9V1X7cEelPFW6w/M/IHkbwzi7TJwAkKTn9ibstCt6G4VCGNAMA5mCJlhyUkAt0ITpz4PMlmgMI1IOUa5noApYKmJqK0QDlykTMf44JGNftgK+3WcVr+iW5FIYj365Iu9I9N8hiGRt5jvZFHXEmjqbrmToE/tehtBc8D9UIl1aIZ465aKcjiN0bDwGd0ycROwd9SAMmn4J0i5AhabCQrBz5nSRUWoYNh+OdMmSwDpZ0JUWrort5IHweAjJkpei1gApAEOT/qWTF+5zRBPrlTMiRV2welnKN9UWiH9cXYkPSvHyaOybYhMcXfXCYCxl1Faep5jHYEQOHVyO/qabUnCaw8MRuP3O4UTIMDwuTQJ4uPVWNY34E2vacBhgRKQ1wmVTUb3eSVlGKS7/Hxpn9ltjC90YRzByc9bYJpf9EBoZfLpNaBZ2hKg71cbiUi5+6/ek6J8vi+knaC4leceD991uH1LfScchFZw6dARGYycU47KjHoKA6ubUNkgIpEIgaUjmBU5XXsW+SRMaJcpIcyhbKHTitUpvQCtoCUnn/3qhB8gs+YEgI0FIFWilWqBEbBmTObcqzOy4ugNur/tGPmhsRSw5JPoatDw0IjPOOZW4BZz51HnPvPYfzQpj86SYSeRlCtAbmfj20WvcihVWjN78F2yoIQGgLKHLWXvUgmUaTuH1H2vd5ww+3AGtpSAb5ng8b4ucEsGtMfcoDudjtFEfCIck6h6Nwuvc136igGvHH5EQxgb6bWRcpPXNR7iXtIQfMYBoHe/p36jURE612OaBddPLdQBKue4YL9aLlqKlLCYhOH+yrGam6wkIMScdoI9a1wp/eag6436w5SEL0/LoHFBbsRQLoqKEnBToJJJd8aTTSLlyAa/45ZUxYE+Z7I7YCfnnhSz0Ao/zSWPpfW8iJx4jt0yLy56ysqPsA/1cjoosW9VVJ8u0Q1x30AERSTmKYRS8y8cLHE+/eTbnsJ4YMeoYou5rDaj3tursjmnbbAHpOpnW1JqV5aBtm4DGVxk6Y6R5HqgJPPN8fJR3YI1h6m8lT+6TfVjQ7Vtl/ZBDciK4TxasNdUZOHbYATzOViLDCUi3XzHdYyf6t2xnn8jN9IhWhz57lQtmrbGu2FF4Dl/HNOHz3JaeikSlNm9XHthdlK3HrSh0oBgTgs9m0iqV0ysmQ/fwxA+w0km0buTDkQjVWsZ/zRaf4xOYqFsHLdNBsymUOnv71mtQeXPYTg3YcqNv7ABZ1LXvwu1Y9sbx9xHKVTT/Tp+E27O1Mcis3IMmSgAAXNg2vlZLFlk5MCEYWs46mZmDSWDIm3GS2/Fcf9SqfAokjwsvwxRz80KsHv65J3IbfQyQAJt8kgUEN+FQxsFh0LE2YyKHhe4KGKe0qDHWoKehaVYXSVi4w+V5Tu7o76M9TkXU2G1qI2iw/KXgPt7MsC9R9LDRNk0lQFM+S3bVqEi/SUYLJ98d8Q3vdqBNqej48T1aorTq5y3y65VyMcMILh6UkiTks/Js0o4bRwc1wjgxcee2GXNA1wf4DFOx8vxBZUm6BPw1N+UP8vWQRAwbVb83VCgWEz5gBzPXR8Lu4Ubz3w22yYjneB+36gh86Ude2S2kWoD35NN9ty70nt+ObSoO1JghihfUMfQMuuSqMUr6PYpzhvqfBtH7CHeht+B/AB/1WLxCuso7Sv5oN9/zeQ4nxqFDI+uGYmEUuPBcTJogwgzq87Lf6PQlSd9jHWk6FVUWV6bBkqHN65GohK5u4WZYUXQVhEnk8Z7zvL4e857Suet42MqLp+gPPb8L7feox6BqOa2PRJb3RvDFI1sKTxXBr5YXp7K/W0KyGlVOIWYrUvZiW6PIwSMsxVfN0WN8QzDGx8A6tgW6MSo8wRwirddWvkttqrER44R9jZUKBpXxqwb38qGCVJ6Duc6Ux5+oDtPsORUlHuKjVbSmSrtrDAzN1tQ5r5g0pJAlimmerYFoRaHYd9d3uVVU8LWRV6NI4TSwgUkcPfs2zqnwEGd1gWhQoNlo6I7QdSNwsnKdu+P1pHIG2XSUUVGezmn0gtvyPwWSSOUSzictSiGLEo/ingjnQgYo9aWdZwyZIcMkmpV8l9sJB4S40vBQ3+tdUtvVXZSVsLCvO4n7dxGDA/CIcDTusYvmFuTSRoGs8y2IbTu62lkRHunuQmuoUAc2HK5S9timu5cQr2V5BQCRMRjt0SDfb+nQXEZh7LgpGzoV8yrj0zMlJ9qNeSkK1kOA/1ly+cCsk78FZU1aYin0owsDGNXBQ9n0a5+AaIMm6YZhkdKFwAK5rhlzgo8tCaiyNQGqo92L5JfI0ag7tVzBIMtuX4KB+B0dEk2nFIUM7K5R4JefV5D09hjHxHhATu9O590QSVBlNiAkpsy7WUPqzuvpPPGGcSDo7nrVmNEvk3kiGBAR+CuzOGlGcSiWVUccR4gWCNOmusLsDhyttmlgWRVpc6nE+uXklcz921wHXraYISMcB2SBsyoBIS3ycL629t7j4oMNYA0SHlzXlQhWidd85BitVDmnkbfPz0MZvOGSSE6tKQktEhpAsPRIZm6bkUQmBScg9zh9glGCfXXM+K04GWMTPwil4V4tw1uliN7fxJQgv1kZEi6MtIKhHe19Yiaw3ZhcaXl41mL7dg3LktY4XsZ31HxmosMVukHPT6fJwXLbXiITy4ARq55iLczk5bI7cbKYEx8qj6+e4HOKUdr+Pyn/P3lMx0qq8sWRC19kS0ohhBpo5bAQW4yO+AqJBnaKuuSW+fE8sEkI3ZAe19F65oahKKgPLTxfJiW7Nv9IfKVbMJoR0sEOLV5vPj7rmbkp26nHEqeVx/MyOK4kdfF2hYOPZq1wfiURYntf0wm84Hcj3erFzybDjMW7t1ES9zhdgQpSyrtbviJPpflhLZs6Tu1VbFzX2BJkzYeKDcmzfnTlP4cpKQV22EjCw83y6rd8Gb/K/0onUh9s1AWTErUAFlV8nTIGWMUubZsC0rfZWwBb96I8adQRlGNAJetL1GkXBGxCFXftj7KaZaDxX4LbZFulF5lI0h/JJ9hfeNvr+i/4Ay883U1GxXgXL2K4En9RDG1+ITow3auJCOdwTLwbc0HNEx9J7zGVBOsEA/pk7QHWLH/3AfXxGYhasWn6uWnRM5vMDtO6SoNqbC2OhphWPE1Ben/MdLMXbnmneenyi9hRtSkHmkTE8YJBHYUiIOB28pRfbBTMLub1vAvcbTMfy+PBLS908u7aYFBpLXd6JgtaqEmssYht7q215wOZpMxH4jU2L87tE3yZy0H2jyggdCKqR/AIz6sTFsH3W/cOgoDsyy2XoV8rHnLb7oIxrZiYZ4f5aasVHnDZRELHRziTfNJsX6VgiiE3jaMvxfvlzocNEC+Yl4xY/88hCYZiaTQ7WC4PwhIM5yHZjbtFqE6DRln2lFQiOFRM2fqQTpy92W8CE49jH1aE9UND7c3Oqzfr0DzsUyx/uXIokm4BkDOw9dzIGltQ1Tr6SLuRbkfO54mUyXj6fZBwKNgh8ehHCBgMwe2V4X3qzoh1XbPz+Z4iU42rVt1zwpH8emZqACenuJbCpEPYe/RpB9NlekYphDRg9DVGzdD75blLlfnsZm5321XF8hsYqFJAbpskJmDsCbpD/+eH18flYkh9HZFT+7OubY/c5dPmybXRfgCq8POBGC9bk0gu1Z71hrbT+wbLq619+skm4fhMQ+WDLb6KbwipS+NOjX9z0nkS60ugms6tj7ogyaUCDom26el5brWsFSY5qTr57JZyrdJcVfLn0ghrK2JHFDxOIH1RAufBXQp1o+xrEnydxzamnpDeeWVEmdi4QXb8HLnzKHrAvaD9QsIFYS4hMX11xfBczcjo3qKVqqojTmpo33L/EVd083f7OT/moAp8+ndbJ/dlTM72JXNGS4AED+kbW72aG/eeIcQoJJUak1B9+hflFuoSf3Tva0stGiQKasHSW3F7GWy8Hr3zXV7rIBAVnZgRscpCqFxi/KlXEeVKC94z3aPOGOzXT2j4zIXj5MtJDab+f2h/OxvcE5XdverGk6Fkv07rJd4QC7Oo3wfZmY2/VCu+xN4Uz/fLZ2mMG6244mR6EeYLkGTTGAKQMWHKQKiBiHvLzhtZLLE8+ZGqsusK7XLVC9WW3QpO0s2iJ8pd4oIzVels6nhdikN+3KRjU2Afw+SR3BO/71BSuOwG1miETt+8CrIuM/8WKAWvYHOI3fwv4cpCwQzG4Zgo7BPOdsnTOnbR/kCLexeMqcd64H0kTvYGvlMQU1Dpy8spb3ip1qPGufTNgG0t4EA9OhrI9KfacHnedqJR5Pz1NxJ/eK9nLaamz+5VhfOqmszManirgLq5W+ZAiM2hPyQUUKJhSd7fXHFJ3FU3ZS2XodzO9xjCsnmi/LqrGS0rMagUSUMVPMSpKo4JIjY12e893HbiNSubPP3BSkqcJWlrlOk0OHQq+wAkrrLC6MQjrTZUN9RtMK6blC9y2GPcCxM2j0FkIKVUlG3ffwa9+/FvJ+TQY5L3DjYaGy89588gxHdc/LZmdDOmENBaQwjHCPcyNFOYqzLiluCQJZDPW/O3ZJMVsvv/TJ6x2dMJ3kM26jvIYoPfAC83+ixS2yuwsfe/fLyiLkZSxh3a6VA0XMfXXVNBGw4hrQ+V+oMjXXOAfmpsNY5uzbMxchjmw/0GrZbJbCEcxxBXYQ1XiW6xnkKs00oAIltu9/ISiagAhBUUWmZaRHS83Rm3eSkHAwHf4q0j6Nqx+kvezScYPQx2IkkZCan9xPGxgfAOIvqoIQhRAWDSYz3VbH1miViaA36u9aoz0e6DmUUz4v16LjsEFbb0WFjD8/LZI3eioWXB147GqxqKzyYFx5eHDj5Ytl7Djz8/W98XK2cMVMMlc6UOzJXGH40G0Z69WRW5T7j35S9hs9lrHwoD1aWPHr55lPGRHoab8ER7zOEosa0mHmonXYcupiVj3E0H0by1VHD++gCLFCjduGD3dvjLbzu8Z0FFUbHOlSnRZpwYq9gWer+VRy7OtvG8dXVKw2rLFp8U4/1EMjN1JBYMyqu7wKHgFS4fb+baxXtAjabXa37RUUAwbEaff+OOXcvag2tL5m+/p4rQxGb13qCbmXiagjx3mOVhJIaYF4yuKn1ihPkNg1lb0WKRU978unX+BZ1vDNgN4zliIedaBAe+qpgsAiGKZr6VOywdMx5ckAHzq9yvrbvJ1XRRPYsoC9U2TGbE+SgYrzAn9UbcdjRexaftttHIZbW3nbrZ2LHIk2OxtJvwJLkvH9PomM3ZQny8bmwpdKL4e/5bHLHKtYqrUv3c9gmTofs2LwX7Vrj+thvVrsm3cigPIdOFCz+nC0c7zrikT6BCrxN4AJoSgI7ejhZ9XyW2DeGBMKMpSKtqDVPLSh7vpn/QPBtap2IQhpvcop4MUJABxRC5HGmlBk23E/mEymVQxZXzpWAiykM4NIK3QPDy9n/O43FqGlS63rfJvMw+Sbc6/ShOiQIn5cdlQif7gXDZTk5FOUCrhdpxA5QwlQ+w/W+v1vNkeCiBaSbSDnbvn9Af7PuAuI0d9aNSJ3n6oG+ZAhPemabpgr5oCG5chYroWi1sRbMh6bipQ0ahSW2HeX1OvuLA9ipPlqFxVGkO5ONtDDzZxtuLHm2w7tlEbm8sCGcopxM4zRbiExLHONKUcB8VcZhgLRwH7sWq0uQe3KszpMD2IegSJGGz0CQy1DZ5dPSHJPJ/FiFTO6UrQRoMXXJuj8vBGqy5ZMPnOn/h3eviTzwB9VTwdjIU9v8Q3ZXzffn9sdKzCBMtLS89qsnk4omUIStTUINKcoPvzGG3WWnKEPRTWfp5vjGI5dltL7KTTqm7iac6NgzGjCPoDvLvLQbZXVcQkQuHL6NxFL56W0RyVNKchtob0+yo5uFbBMto6DfYZz98Y7JZvXIh1MU9K3McIAIIfB9C0I2k4CiSKSU5+hZ7Rx1Q2l7xLSlSct/FW61vhTAbGhlwwezEiOa0FdJ1yMZB5nX46IJEMV9bxqovY5LVptW6mRPTovriDiArSX8RcyenAX9mLTnPCn+uV2goTUAkn/FTjajICKnzGwo0n2EPTWR2SK+ay74YgskBnoQMUq8lIgwH4txUJbMLsTbTi9mqP1JuJTJYgLQkVVpKkr7U1b6xIPKznTG8GFTt9fCzdfsqrU03hQrUE0laYaTUIp3GG+ysF6yMNScOqklVgfLfVzt9ew+kbAwWq88rxCMLlXR4C4Jr9I+zgw2j14wkXHAtvwlgTCB/CF+POBfdoa7ifJUFY8OA8hsak6F5/R2KUcxS/F8geCznToA8uZdphE5yy+BMzW7IBq/9cExvRe01micWNflETzFmdOSBcgIWVnZngjJgtrUJKkNFkOIqzKtj6oVm7G/wFooRhYDesLG+UvwhVoJVKuK8oBMLld2/6clSc9JxTlOfV1Vi6WIjSeIQePtDqp5OPAz+ME1qxbnKipsf0VU4Xknnzl1+l3gD2bZpGBPPB+XlRluO/xuWot/cw5o5LsY9BfOPt3WR0LWFNZuRBLwqglQRThEGiMZkeRutRUFg+yJky1SknpxSjCjrkTxRgST07vk1YPZXi9tWrQLpMp0gSgAmhHBOMJxDWsKdrP+Z8xKUKNdgD6hY+0auCurEoeNQlp4qdRKvmWDybfbhPKWd5VlB9FhRNeqwjfGF9qj490arYEK6FiIuDgYAu0njl7NcYRGbFLgJYTTK7IfEO9A+ye7z6mxKJ1FlXFNBYfLydbfB9gv6mEfonBGvonRPrFDPxAXI0WG+lzQwibVlUjw7DFVjtUTc83+/0gva1keqd1HlflaW7hZjeBr+qUXjMiDZSFFk99DKiAtDEpeKABLFuDAqmWZsc2TyuerV03/YEjLZGzzG39kzFIAdi2JoGR9mxlDvQF3hvl1ORMu2WbOWKGDVpAYsKDwYj3KxuqV06R5iZKQoZ6uFUY5KLRQozDfL1dGNmcsRfeEVBJVJLNK2G8JzsEnLd43xzXBo9ZARvrsr+HV6OJz72/zSRRZCvgP47gMgkNYoQYNsNSUlM6/KTstrhCH27/cD7h/qgjg32EH9Pw6DcrAQ/Pm9m94/VYo0b20LUp5VUr3//RvSMAmmZy0C3Sl7SLukaZQoTdIy2kcZaQFtfGeRoAU44q4eNsuMR5GyMQBehdT2T5ar86NXdE8oUImSv8bk6mLormtyc5T3hwXuS+KQHkpMJ6wrl8kqT4TaTcfwVTZVb55MtO8OSfXieGjuEFClpfJxBztP5MyNdmFOfgAsCq0k8wuUbC+64lLQizB9HI2jXqawkb8F4e2yYMZ98CajgE0UIcch/fIbkC/BT/mRpk1+wxxnvPv34uxzJXWJD0r2vU6UKQEEuDfp7tX0FLLgfp90M03b1Da97dG/Myj7Od5gjg5VWBVcl+KwUqY7hwcgx+lerMlEPnwehEatZ0pNbIiZT7nfX0xKrItcbau5quu4UGtWIlZHaNifHWYoM0D3YIVhN1Q9nESIOObSo+wlFThEfZ+ZW157c0zuCISXCWWKz7o2dLPLPZbXDvvDOr4lWd4N4G8Wyhozhy2MSAR0m5EXVDij/nMUZskgykvOWGJ0K76wMuBbq7HJlvu74MvRzKs0UX10Oibqht8FeOijMyCZ2E6JYDyYQ0NC3uTeC0o1avjpZNtuIPkGUxCHsEjFVLUYHHt2OgTG0npJQurWU4C7/2MUdaYk1pm0eXjvHO5A5CqNuZKUAwK5R3D6lTW93rUyUCvd/FWKcsRl3LZcZn3Derzs8ObI9YiuKwkf9vY7c4kd02cXr8e//F8OdQiq2fQkjrvxgrpMPQu5vmV</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:01:20,335 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:01:20,335 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150120Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_p6omqipaap3lrhm7yi7i6dlcgoeqswwomz9akdl|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_55a51950833cafb7c9e2983cff8f34be|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxNm1vX/yts/zCj96ftopn91ru5JHfe809OAQUE6yETMoTk+g7RB35plPwiXS8WW3T05DwX6VpLwz6JOcbNR5BY7wu6JFO9G9NrOgbMWa2F0zlb5w4b3DEgVQgPpVB7Skr43hFcwwxS0JTY5W0ZLu2OZ7kHERHqsg=|_688669f7e4c2e254e03ba308665b3119|
2020-02-28 15:01:28,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15523-WBX2CL99uC8n02DCNYk8H5orUg0gZp4x
2020-02-28 15:01:28,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:01:28,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:01:28,588 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
    IsPassive="false" IssueInstant="2020-02-28T15:01:27.560Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qksb+tE22DM5ZPlm6YF3sLX9fu654lmRZQdL914SYEk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
NTTMVr+d0SOaTKM/xmpENnB6shPe6G97fQDjPkaP8IymcNVAlJendQai00yFB1KTK7cIK0kPWUgI
isEWgf6rD7O8PpDmGXYJwoNs8MG1/zGuqkm8Yl5bnrqjYLD27hsMUqb5BSiI0x0ebXxVg2q3v20i
oqwMItLbxLY8DIzpeojc/03hNc5M7H6/sllsuJyZaJwZzGziTwEqeS4yXOhEIcbpngx2QEq3jq6d
wbbpxjmrIrqHQEsbD24AThBKNhanp/TrIyoJyaVnYU5CmGR7Ew9ac/xaBdz5LSX3NUAtZyqqMbs6
oUKshHyso19Ln6PMyAS9Grhn/zCjcBjDUiTq5Q==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:01:28,592 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:28,592 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:28,592 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:28,592 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:28,592 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:01:28,593 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:28,593 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:28,593 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n', issue instant '2020-02-28T15:01:27.560Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
2020-02-28 15:01:28,594 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:28,594 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:01:28,595 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:01:28,595 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:28,596 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:01:28,596 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:01:28,596 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:01:28,596 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:28,596 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:28,596 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:01:28,599 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:01:28,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:01:28.600Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:01:28,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:01:28,600 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:01:28,600 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:01:28,600 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:01:28,601 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:01:28,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:01:28,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:28,799 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:31,632 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:01:31,632 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:01:31,632 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1495383366::identifier=rick, context=org.apache.velocity.VelocityContext@32bb603c]
2020-02-28 15:01:31,633 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1495383366::identifier=rick, context=org.apache.velocity.VelocityContext@32bb603c]
2020-02-28 15:01:31,634 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 61e31e28ac8371d834ebb0b388bbba949c892731e34007a38eb17758c9cac0dd for principal rick
2020-02-28 15:01:31,634 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 61e31e28ac8371d834ebb0b388bbba949c892731e34007a38eb17758c9cac0dd
2020-02-28 15:01:31,635 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:01:31,636 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:01:31,637 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:31,637 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:01:31,637 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@197e68d6'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:01:31,638 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:31,820 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:01:32,396 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:01:32,396 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:01:32,397 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150132Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438092397}'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@197e68d6'
2020-02-28 15:01:32,397 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:32,397 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:01:32,404 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:01:32,406 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:01:32,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _8fe2e79f21408b501b7e5997ac62e69a
2020-02-28 15:01:32,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _8fe2e79f21408b501b7e5997ac62e69a to Response _458701bc2517ca2cf6472bd9fc853781
2020-02-28 15:01:32,406 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _8fe2e79f21408b501b7e5997ac62e69a
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:01:32,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:01:32,407 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:01:32,408 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:01:32,408 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:01:32,408 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxuRd8b99/Q162xBvoXT0rl/iarSyOh0OJLFm9dK8C9eSSdn3XFTlrv89i1EVI8BpvA8NyRmUMxCU+bGYoZZHWpU6BRjINk6YAwE1u8728kOFn3hwiTqbm8Zf/T+x/MTun7CaGC301Kid2Aj7NwN8B+Sbt+XOpyeo= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _8fe2e79f21408b501b7e5997ac62e69a
2020-02-28 15:01:32,408 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _8fe2e79f21408b501b7e5997ac62e69a did not already contain Conditions, one was added
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:06:32.397Z, to Assertion _8fe2e79f21408b501b7e5997ac62e69a
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _8fe2e79f21408b501b7e5997ac62e69a already contained Conditions, nothing was done
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _8fe2e79f21408b501b7e5997ac62e69a already contained Conditions, nothing was done
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:01:32,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _8fe2e79f21408b501b7e5997ac62e69a
2020-02-28 15:01:32,409 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 61e31e28ac8371d834ebb0b388bbba949c892731e34007a38eb17758c9cac0dd
2020-02-28 15:01:32,409 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 61e31e28ac8371d834ebb0b388bbba949c892731e34007a38eb17758c9cac0dd
2020-02-28 15:01:32,409 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:01:32,410 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxuRd8b99/Q162xBvoXT0rl/iarSyOh0OJLFm9dK8C9eSSdn3XFTlrv89i1EVI8BpvA8NyRmUMxCU+bGYoZZHWpU6BRjINk6YAwE1u8728kOFn3hwiTqbm8Zf/T+x/MTun7CaGC301Kid2Aj7NwN8B+Sbt+XOpyeo=
2020-02-28 15:01:32,410 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:01:32,410 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:01:32,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8fe2e79f21408b501b7e5997ac62e69a"
2020-02-28 15:01:32,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8fe2e79f21408b501b7e5997ac62e69a and Element was [saml2:Assertion: null]
2020-02-28 15:01:32,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8fe2e79f21408b501b7e5997ac62e69a"
2020-02-28 15:01:32,411 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8fe2e79f21408b501b7e5997ac62e69a and Element was [saml2:Assertion: null]
2020-02-28 15:01:32,413 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_458701bc2517ca2cf6472bd9fc853781"
    InResponseTo="_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
    IssueInstant="2020-02-28T15:01:32.397Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_8fe2e79f21408b501b7e5997ac62e69a"
        IssueInstant="2020-02-28T15:01:32.397Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_8fe2e79f21408b501b7e5997ac62e69a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>psA/9xxoVJtuoVeoN6eDqkvnebNM+J+Cyb5LcekzlPix1HgH/4YWyx9TCO2RZxsa/OWM0SdkJ/57oOMZk+Pxgw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>LauIeVWjK66dzCumWS9clKiPweJSYfopqvZKM9k4V6pZQT7QaFHqgm/0+dt9zETnVMz5BYSOt83vvr+H9f7YZd6JZr2m5kHr6SRnjrPKvtQxg6+I7j7WVf/qDX73f23Zq0nlZdkToVNFLLkN3zNJ7IsEqBW4iuUwieqwa41kMXZR3U4tKowXgxHKr6pJ6vK1Q8pH1eAKq+vfN5RuB24mswEGZo0BjaagszeKC3oo3uVxFqX4tzgMIkW9bOD5DkIqRZg3uTmrwpqiBCFVv+JvrSQl7fasIS+Ezum0aOdnJTUMCpIcdPov9x18dYTHscNdIF6SD2sReyFyJhpFTfWlaw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxuRd8b99/Q162xBvoXT0rl/iarSyOh0OJLFm9dK8C9eSSdn3XFTlrv89i1EVI8BpvA8NyRmUMxCU+bGYoZZHWpU6BRjINk6YAwE1u8728kOFn3hwiTqbm8Zf/T+x/MTun7CaGC301Kid2Aj7NwN8B+Sbt+XOpyeo=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
                    NotOnOrAfter="2020-02-28T15:06:32.408Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:01:32.397Z" NotOnOrAfter="2020-02-28T15:06:32.397Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:01:31.634Z" SessionIndex="_5d8c33a4b0eff10caf8c9f1124d6265c">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:01:32,414 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:32,415 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:01:32,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_458701bc2517ca2cf6472bd9fc853781"
2020-02-28 15:01:32,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _458701bc2517ca2cf6472bd9fc853781 and Element was [saml2p:Response: null]
2020-02-28 15:01:32,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_458701bc2517ca2cf6472bd9fc853781"
2020-02-28 15:01:32,415 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _458701bc2517ca2cf6472bd9fc853781 and Element was [saml2p:Response: null]
2020-02-28 15:01:32,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:01:32,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:01:32,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:01:32,417 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15523-WBX2CL99uC8n02DCNYk8H5orUg0gZp4x', encoded as 'TST-15523-WBX2CL99uC8n02DCNYk8H5orUg0gZp4x'
2020-02-28 15:01:32,420 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_458701bc2517ca2cf6472bd9fc853781"
    InResponseTo="_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n"
    IssueInstant="2020-02-28T15:01:32.397Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_458701bc2517ca2cf6472bd9fc853781">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>s712Q64ygZBVAWEJoqgkQj5XQhWBMcWUHoBpdxStKLKHTwG1BKmdNeUA7GM+Njkn2vtwFG/P64jiydNfAHs5Fw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>lcNQ8znOsmcZkawWT/Lc2ZnqtfDP81iUm2G94rn1KSFfQqVtXS/1vXTHgp/ZhFzl1Nnv9CdmDvIvOENYidgjwGX2tjZo/6sO0H/ycbIgRon59H0Ygsj5V1UfPc6c+O2GsR+jUnLdaZDmeNHgNguyciIe2Mv3zWxv478s+Meh6JeN0ilB7E5Oo03LIK3x3vsqi7ranux+M24eBfu3F7636JChNBf8TFUPZo9yODs+KGZD8xzKV91PoboIIY4GaO+6tnvvykLRjyvGABxSIN4yGR+kpczHwY21ngkuCwPsCWf6BYc/veDn432sQFTVTHrENAEqz7m7KGitRlayOnA8lw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_cd907673816b6439bd85e4a0ce218308"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5195e6c46cdfa7744c7543ee6ffce8ac"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>b5P9VI+ihCeoo14mGlgvuC8xQdLjKVuHfmCU92CD7P/Ui+8MhAQ7Ona4o/GHGrA1PGmqiRd2JVmjCTl9aubY00+tbP0ZJT/VHXhLJxbkDscYz7o7mrMjUuIHaDrsUOMvKj8/WZCvfycbFLosASTHdBHfeIZUQ9u7BCq/i0HUPQCR4sAeurfRIBDTD+nSRaRK0gkIjYO94Y2QmwERkRaVkuIXP29gSnYtPZJjUTn8S9xj7RX8wt5BT6AmDUqXsaqrb9kuq8f1QRPi6kCBoYQhQgPZsp9NRnEqH/5Xh8tFH18eLx4ParxuYnhOesOUuF5PG5+Bx3nuR0gcYtCS8bM9og==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>30nr3ta4wbZ3FzIDsZ1+WVLigU4X8+l8eCbxuCU14oK/RT7iSI6Nf1TvsR6mwMPmTTzeQFX9FBmknqpoOGLBsdKLQ+UfcaO2aPy+WLPkq4cMrIX94Ziu08TEs7Ps8ktkCbRx6bG9nuRX6xCYK0n+zxkNSc61ZNmPCthLPej/ltzE55dCBvOvuy6W+18WSCp2yTlFAgA3UHIl1n+MEakPnVri8Ffy+gzad0uCA85S62G8sAhJA4RcojT/BLE8Dsn8rNsU/oR1MJiYfMHRnl9mimv7HH/VRrT7LscFkQRLbXOFGf79dDPUZfOI7OaT+Gn/boom7vFcaGQRRPCn+y9oyw1G3PNRbz8muRSNJXklzjfjrO1EmndXamPtOCWBrw8oWYS4lY7iKFL5GfKF23PThtihlS+mNhToTJO2oZpk7Goraat6e7/O7ZmPq0in8PMNJ8oqfbqIktAZCbRLBfp0+/RoroH2tPg6r/tq2VeJZE8JYoTp68sQkJ/i0uouwWvIGj9XD8qbLicl4lc1rS6ERSh1d7hKi75rzDonLV3s03ca0HN01/9HIB9ItqrRU4TbnetkRxFBNPCMuv/Gf3chkK1q9ZaKehLpJrS2eWUHW9kDrXDWDQX1aPBzhWclt4V9/bGRWetfEtgbBNrQmvTaFFlqVPRyj5PHGqPjJxJpeqlWiBWMKWHQFNkxSuw+diPNIElkCfiPKclJaX/wQVXwTrizBFfGQnUl2Vsb7smJfft67ILQr8/TdjO83UXOOrn0q+hMPSpCfwTiysNh2p9+q3lkvlRVC2YGGvThBoJR4WKCivqRNTtmwPeF0n7avu7U1zE4fsQn4emfpI+b6R73FrAkql2Y3FA0B/o6nXWkfbjwkAhHCL59gsjHg/fUwdQscbEcj0iVZnE4K8d2QoeNW9tR034WSpb1v9O4OHsluvFtHhzD+oyIO6kSw4P/zZzU2Tb5Otu+Im/UPCH+qoJiEhVXKCsl0LjD+3czNEhhYP4I2yKmA9mEs0zo2E8GiZ0vH1cY/l12DPT48abRke9yf8+yBdmdmGYyxBf0YGUAbkzclzGswHtzR4/nzR31qLuMtGp1Kph9AGQ7BOhJYyyHrmmIXLaDE7YIwD3qzT3VDkzMb3UvC8Se/o+KvK4cOGhhoyHRkr4PZxXx71tmCABcNZpldqRAtykjUFKd3mWU0my25izhUo3MMzHRvPklekITLD9afSrgP8Wx2IdDwPp9yyqKMst+ea7A4z0+ow9YAU20UM4N1bD0LB/p3gdqDcsLImCeOqyZwacdjIp2XjByp3n8/9eLbi3EP7vEjxOMyiSSCJpSAL/rSGGh4qTr0hIEzvaIq0adwhK63FMNE9gD4asKIjMjnuFZbtGHpAKwR+PIJtCxRYnYN2q+BSliWcRIeSJk0zC3WlfmpzbnbGIuz+PKyw1/kOxjDL4dLIG9FKtScK4DWXc7cJFVE0fJTpGEFu+H5P7sgR3F2xpWPB1ZFDFhAccIBWlAvEkdEKBu0Yc5/xHi0Wn7u5xdketc7EGTfh60GVCuyJvv8ZTYz0LWOh/5k/eSZ6DuBaOgB1tZZyhSfaI8zTQF3GlbsNHeLCHiRE90bENaz/zbsoy3iTt1CpDL6XyFJLA/cLAWy5Ic5Fybag0qaFPEqjP8gYZO7QSCtypZaodca4Fd0Kc7oX37zDgBrS/OWjnIRe4h2mPe5YDkdcI0XHTcRkpkNh6/LNsB63PAzE6U0aSlibjEha8cd5VyYuE64j6uTIyvTw58GZLqMIHKrilBtjSYJUJoyEspZ1ltoKGenhthuHDZ5OJHWlf11fXjZ5JNadubmwnbcA35Yb+XtjBL1ufMs3sZzutd0ck/mR2hDig8lyJlXwPqGibxmS7jQ0Sy1EoFpSUhZamxmDbNubbI4ZFBRv2ROy4C/XRg78CAh8p0gRLDrF8cb24Y+TbAyHK4/PBJeBtYJl96inWg2zSWiJTy8DwF9FmSvXMLuqUatSVFdZmix78vx+/uAejl1EJfeRhixX5gIF8wHlrjrmBvgbPDHw9cctnQ/IsDgpEI/06TjlE6QH4q8v/DbkWDwgI2mpaxcrEF+wiXeLiIOCvSosC05j5/AajSJcyGmmj7Eugy9t+z2U4HnUpXEHobVFTwGNt5c+XedjtEWX4VyRhFmEe2UgLWNlhNr9Y64T/AgFU9gdevPNvitkUDtLuna/xt39llddpkhk1B7Dfl7SG+jLCO04RwYdFnMsI+LOi9sdP/EbTFCkRruYucoRH9w5810x3E3kCX1JxDp8srRYvhzyOL3gnFti5xoMFXMeuIgcMGf8HPQn34UMdk3fD+JDGEvrGCH+m3/1xAwDz6OgT+UZQoSRBRO8Ak0CkPxQ2MJmGJBWbtoCes4kUhyjqtKqAWaM5IJu1OuvsG9yzTwpR2hWz4Cdyokj+E0HVTuxFqfO/2J6G8dYkaLfVDtGi+6/psDNC5PrKg0jdpu2PM2rDi2HQ2ViMYwZ6hEcjyZ3Qdh31v9MMwfzxMmRN0x5dRKKKG++bqcArsVBRUj/Ak9LBiH2QoIwfu9xfJ0WND9nCRYuhWfKkco3e2Me2hAwuqVVrjus+AAp27a7Id5LPkavbHBbXXLajxs/9kATpx9Kwsn3LIgbFPRVUvxbF9ezgkKw1rmBd3yg2D2Xz324sFjDiBFLRytOY7BvkmJfd6TJCebxhsL1+1RjCtDOyTrGnW+ehjKZ8lqiOZW0ddVHLZg9a9u1iQP/Je0ImY+e90PZt+KT9V2gIowwl3Jr+Z6yI08QHSlpr7T6AHZ5CTr+mpEeD/rY9eyXp3x0n2QO8UaRvw0GLTcuX0lu4qyywkd64NFdmTTSxaoHmhR2ci9JtMGovgaPU8xfxe5d1th2H8PqS2CROb8NfklFWrH8tL4b0fi/PEOAOUnflp0wDnvARR7ibFkTz1Uw7QHoYOuNFc6lj2wSbgKQE4e/Bkb/r6kHCdb+Nze4ijz89uwc1orfSXgihpX+MCc6kqA9kMOiFxrHqx4DiFY9MbnMELzzyeSKFesj+kna/38uLcjeqXvHGT5tXQucuhT2O96mV7B9MzCUIWsN3cZOZmhniUxrHpjA061RuODVM9iSZwNSWYy0IN14YDirTAkEGXOZ9S6pIYA1gfrxvz0DSaaSJVzDBP/4/IwMy695Ag67CAj3MO8CwVyiTi6Lym5+xTB9H54vha4TmoCJKWJuH9NJlyqW7XphqRZ4iZnvKOg1VZjvXJaRM+MAa6sCMaAg38Kcd/DVnBgeENB2eHGzdk+h3MSe0OUr5bsIW4aB37scHVWwctXmI5o0zld9zG5LL9hhLmas8nE9HfYRNFlMmBrFBUFIbs4usYlJYJVn12w2uFUfFONg5vDoTjvlUF/thMkiEGdK6xe0X+20Ouffpk/hrMO8MRtPaIn6o5KbgTBO7wkW4/Uiv2QVeM3f3zgUc2YAWzse2wkqdaxDSWY9R1RXqSu/2E/6mzdBz98tc1gNChHGo6jb+nhaVWo4hyO1oK0NzkYemjrxmAbGtWTJSsDCmweKyecUjIM/Mnx4FVKGIU3Gb/lTwA5S5Uhec11wFyHq6yAOrtxDbUPoJgI7zRDoZTAARykq7mVsBlfD+JrJIvCR09EF+wUCZ1/KgQ41mLil3t19egbHRP+GkcEGvwrhxnaELf4g2KoyO1Uxa29iyyq3MPLF87htmyp3ybY9Mjm7KV3OwIgxN7dn8e/GM89p/HGciS47UdAoZkBRSykNIn4TfZlGzE0I1DWQEvSqDKAgOTtcnJwbmqtlrOtpyKFzavHazV8adFEeQaHvddfZvS0pRGvu+huEuRmG6qNJd/yFLHhCuFtZsZoxsySPHoR7HZRPmda8M0ebjZu0HtT3mRVut8EDRbeei5SX9+gW1aUiliLCR6qiy185f76h6witp4lCB8a7OZRTSkvn07XJMgR3ycLNyU/s41OoaF3T+3wTWf7Cor0VCOcrVCN6uz92ZQlzXrow5yrt2oqOLcyMCR4Y0R00pdXi7NMy0m56HVbGJqADnqpsJW4+KeVajC61kvTbnxYShyzdHtTVXflPMpxeAcPoGWfZSproXznJVX6VVDJOf+m8r9P/ue/AokR+heY1RQe941rBwEQDHFgySGud0itz/nPPLDLu0+YIJcqeWITaimcplYrkVLORdPLj/SBaDkML4QTXVgLgHCHvZLpYBBsRYqq8kgiNafIHoCGi0nC+XU0DBpL3bZi62Om6fc0JhCheO4qfJM9oaIoP2Ptgs4bwoqauiXjlBQs+dwGNjX5sywEh3kRQa7lFHHzyvf4ewukZXc12lgl3aMo/lGbTN1umwk+WVDPjvDrCIVkR4CAqmZZH5Kk5yOyHJvdHidnpMXzKJwLjYBXUCt+KHHgTfN/ggiEIVdhpiUlObvbJZ3f/K2zS34uevy9QBiGn3ErlZ5QgTvD2gKRd/lZw5cKMdYSh78SxxOjFONe/xIl6TDWlwVty4/Dbabk1XSpJmMkye2UUDaI6refAXc3o85F5BmDtnaxo9qbueMqNngFOCISU5rHaEUWjpWxKMJum0Va6nWUL29++Jq5DWxoO0KboYwmmgDBxWLDRp52/H+4BsKwgQfZjIQdzWaEwB27xRB6j+9Fhh5FtpJ0B+i3wXCHEpOXV+XPivPMBtZZLYQz87p21bxqGH8ZS0cQkdGzAK46OhneSIwWktbPLs4e7ARJ2PkXNoawRWsWa1hmCpRxUO+hVgoJ67ZGSN7urxsMGdeLLW9irncco5zvxRHR4pynHc27HHlIqLuZ7Ut9SKxHFKnIJWxgg8zMMT61//ObUtvLlKrjnTeRHTgxZFzoMv5yDXUnc9nLPfVZ9rzRKZTLWx+OCQNue1ISpvdP70MUy1/EJXfmGKA6IdLb/cilv6A3pPGGW3u0EVCGrRcWxEOqxllyuHZ/irleyrx2f6y9+Kt20KuMbQwNVVJyUDLtrUXhjVGpYXRMZHEouEsxv9t2NznOGM87gT/y3qwXYFLrjhi6ofduD89DGys1uza38qgBrOEQ9E7CeznYHA5LucRk0sxKyRkw25YFkWyHdCOgcC9UfzQYz+iTElslVghzbjVwSbb7rxsdbumwVEpuOrdaEhzS8uauB6KB0G0ERoq5gDyEpAS7tpe4hOH5phkayf6wgTVyFZfQ8F791ei37+ksJM2zVm6sc54dtjOfdsHUMvA8dgspLplcSXRKPUo5ER4hDuS9VVnZoonhz/2pRCs1EKp+Dw7/Lu2hTW8u7q/gNzXAUvTQyS4Zdg7Ok5yqROQM3yNOfC/H3Kiz/kJFiGaTBbwGiklOObkt1eUeHn3ZrUkaVICeG3ApOhOhTTE7qJWUQZ04fd1hqekISZs0A2J1+64mOLQ+Fnovm2Ln7MLrdrBaOw+lemcZmtfHDQ8QBHfd8XjW3kHCQtlEijvizEp95Nm+M0CB18QrjWFmINnnPGn68qY1AxVdj22Ojw4EfV7Gv2OXZKav8bkKtQxwHpdt133z2MJwQCbvLOxljBqwgpvm0aZQjT3+43TCwcyoppZIscsYlXr8sK/z1x/2N6qbcCa4JQoJyDCrztCd15Jsby6cN8T5iw9GGTfMz8UAA8f6VKvWi8p0SaNTBeqRMay0U2HFKF9qVHJeqKoJlqM6TfYzTAgPvanLzOuSdp6G9j1Nd6zXSAoEg9BTpCN+Miq6PryF+L+K6QSKkaQ2ZOkHqkVTDqOfk3UCLmuapb1fRfJX+SWz2yhU9DDoY8QQiDu4byxZuqKl4ocAKuAQwIsr8TT4qxlE2jyuqJWsOpEN63ItiLUuYjxL355lnHaLdGvDEYD/+ACEVlLC8Tg5G4D1IzbalB74V8W4qEty0xXuQ9hQbv0ASJGkC5tMoU09e9jPwGoF6yMV9V7DU0Zvu4+zvhrEtcc9fY2gh7E5fx523q7t8Y2J808hge8MCxoeA+YGTv4NaAtBVHXq9RDzBWBcarkTa9pn0Aup5hfp0H4eurAFspjBol5dvuUFFxNSjf8VeAwO9Bo9znguFzx/v4pCm9MbfGlRTM8BK/OisXNc1zcjaIt0h6VNvGa+XuDvCXIy/0JEK8tfu1Z/NPt0CBcezZWwfUKFlmT8Roo5mx+LUZuG+FLnisZt944mAsY1TRPrwRF7S3/qHdGxhym/XYfmWiZ05XNKKe5IKNBIqmcUU478GiQCnJjcdqpg8e09nNEjKSnOvVwIarDAF4K4GC/UkZ4GAQOed5jZ97ghejqwEqpqHR4JcR6rs2JdGfxGLB+teGBLeDLBrIvatBsar17pe43A0f9t+oT5r+EhxHyYEhzltPTnT9LkArMgPDGQI2gq5Uo3mtd4dTnQR6fQ277GDn/hol30CJk2ajDlushWB9F2cYJv9ZhX3Vx4njTl1GRnfC5Ha6mYjEZY/Tyl2scONUG7B8sNf+SizMp7r2APj2jj+0e0tXZCSstpYa1fJxhUgIGo6LPLE/JIpF/+FuWGG+3MQ1oxJqXyZ3OzQaQqqe4oXcifLZP/+1zLmEnr91cw95JmuY/IZ1HFj4mVOB+YA/XJm+kgERbSeGWcTA4/US/vaJ9CL9v/1Bh8rNW1kU4uOIJCjyh422Akwu3TpNHLHBFiypZ2ZDS9aqft0hWYC+YN+0y4NVAZac9c2DDBDuJpQH3b07WmI5BstlwhDSt6kwyVBpQx0gZR3uqFq7OQovuwgz3Sk0G9kEb1uACQVNqcpj/cdJvC0LAtzhCEDPK1GvcixwSlBxWq6acZPSo7ti8gEzvo2gKTEVZXh1CuJyYdSY65ux4oEVCPL9kS3aNbQmYkB40w0rFAvuakcS2B8xMGqSrRFsIfQVaabKy8CXWxeU81cqX0queSd0c0e31zNmY1OHWZaWirX/ndQELJCYORa6AbKcZ7oCxy6kIwo8R58G/4ubGeRDa0Ow+QLjXYxh+wWkuN5q5Sl/YpNtyXI3GY2JK7lt1Z05Z5vD4hX6d/x+SinMjsxCzuX77CyDuiIwUBLZEG7j3Y1NOBLlpO1dww23VSf0m1ASEq/czcSGCpQkceWHMEgBGklzmbLsE7jrhtzrspiy3GKoiw8wY1TRyrgSI2l9i/hzb+6k+xV9FuhzpJ0IcHZ0FismqavAlVXNjFhWLSEulMWFcPhkJDKmqizJmyxzvYm/DDRODrj6olLXqWt0m3AZZhcwip7O64Y7Rx7HkE70rhbZnNmXUJb/so1n8qkVYxP1owt9oOd30Iha+Gv+mgvdHk7/zw3RX1cNwROP45A+nDyeRg6E0mq8aWr3IsOtwVQxv30vXY0RlaBGXtEPZ/bbgd/pTfaZ/zDQZI201IZtcT+MCQ0jESZeDskTssUk7SERzfJX4H+hUV3ZkS04gdt/85S05vTYk7h+zdCpW30gejLBiBmCKe28kxBj58O/LyWJKX5p1Pv3V0NCiPU/uVSRb3oLK5Vg0+AZDsa1LBLbUBXd5C+Gl1x/pIm2cmyl8Gg5Rti03AY6JcdtIzE7IVvnxpJsAgCLNXccAnak9CubExnV+vNW3v1dl+BNIemO6P0Vjlm1Eqb4wshelwi4jBj+IAMko6MDckJErfUK14DvW8EtGzAMRyQa88KrkPPnV/9KNxTyPESNZ3p/7pJ9iuTVmampUfhwEH/u+ZTIldWUsNSCh56tJFupwwGNKdHA/5erEonun4W7PlZZT4o85hp3OieYI214VaQayCM9OQFCqIsaq91sXKTpF3IO/y1ehrNfKQxZHRfthzXFpVv6rJOV+0S7psCkFe5LXffAcaxl1r5GtG5P7H0qTTr8FEK4U6plLxZhtBWU4y+yM52wirIaDcmLDuls4xSMbMSM+9DZJLYvpUuB2WsZMR0FeuJPj7+sbkrRSa0rSthdwVXIS9erLMtsy8A7bEKhLdJI6HFqzF1XKKdzPCJLzVLL7KIqTnIayqUFP8fiLVULxzrv2X05beHVnay7LzC2SeXOq1gaxV4m6WSGdHc2ynt+yUcV3QpQbm3ir3nuieP031NzEhWRhb9p+RNE+KRzj/oPAKTwhWYcYBpPRAKGGWYEhJgBR1elywb73E9gkB1BID+Z5+7rmdXCELdsrD8y9nFNujlI8fM70bqnI5PCI9g0HnociASnhCQzvFdiC+iZM</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:01:32,420 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:01:32,420 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150132Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_0ki3gvqvscfret4g6uogjoujvjy6jzecf789g8n|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_458701bc2517ca2cf6472bd9fc853781|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxuRd8b99/Q162xBvoXT0rl/iarSyOh0OJLFm9dK8C9eSSdn3XFTlrv89i1EVI8BpvA8NyRmUMxCU+bGYoZZHWpU6BRjINk6YAwE1u8728kOFn3hwiTqbm8Zf/T+x/MTun7CaGC301Kid2Aj7NwN8B+Sbt+XOpyeo=|_8fe2e79f21408b501b7e5997ac62e69a|
2020-02-28 15:01:34,743 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:01:34,743 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:01:34,743 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150134Z|http://localhost:8000/saml/wkWYHJwehFeBFfTC5|AttributeReleaseConsent|morty|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:01:34,743 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2ca68c89'
2020-02-28 15:01:34,743 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:34,744 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:01:34,744 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:01:34,745 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:01:34,745 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d87218e4d3994c2ada468888071e0ce8
2020-02-28 15:01:34,745 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d87218e4d3994c2ada468888071e0ce8 to Response _4569ee59b4e2c86e7e45730c2597e19d
2020-02-28 15:01:34,745 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d87218e4d3994c2ada468888071e0ce8
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute identifier
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value morty of attribute uid
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5505 of attribute telephoneNumber
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value janitor@samltest.id of attribute role
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value msmith@samltest.id of attribute mail
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Smith of attribute surname
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Morty Smith of attribute displayName
2020-02-28 15:01:34,746 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Mortimer of attribute givenName
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-02-28 15:01:34,747 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID msmith@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _236e4e03-18b0-4a57-bf5e-a9b61452d080
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8000/saml/wkWYHJwehFeBFfTC5
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d87218e4d3994c2ada468888071e0ce8
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d87218e4d3994c2ada468888071e0ce8 did not already contain Conditions, one was added
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:06:34.744Z, to Assertion _d87218e4d3994c2ada468888071e0ce8
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d87218e4d3994c2ada468888071e0ce8 already contained Conditions, nothing was done
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d87218e4d3994c2ada468888071e0ce8 already contained Conditions, nothing was done
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://localhost:8000/saml/wkWYHJwehFeBFfTC5 as an Audience of the AudienceRestriction
2020-02-28 15:01:34,747 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d87218e4d3994c2ada468888071e0ce8
2020-02-28 15:01:34,748 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://localhost:8000/saml/wkWYHJwehFeBFfTC5 to existing session 552409755547db18b7383083008e0b51e048207f264b0553062a0ca25c19d030
2020-02-28 15:01:34,748 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://localhost:8000/saml/wkWYHJwehFeBFfTC5 in session 552409755547db18b7383083008e0b51e048207f264b0553062a0ca25c19d030
2020-02-28 15:01:34,748 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:01:34,748 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://localhost:8000/saml/wkWYHJwehFeBFfTC5 and key msmith@samltest.id
2020-02-28 15:01:34,749 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:01:34,749 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:01:34,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d87218e4d3994c2ada468888071e0ce8"
2020-02-28 15:01:34,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d87218e4d3994c2ada468888071e0ce8 and Element was [saml2:Assertion: null]
2020-02-28 15:01:34,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d87218e4d3994c2ada468888071e0ce8"
2020-02-28 15:01:34,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d87218e4d3994c2ada468888071e0ce8 and Element was [saml2:Assertion: null]
2020-02-28 15:01:34,751 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_4569ee59b4e2c86e7e45730c2597e19d"
    InResponseTo="_236e4e03-18b0-4a57-bf5e-a9b61452d080"
    IssueInstant="2020-02-28T15:01:34.744Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d87218e4d3994c2ada468888071e0ce8"
        IssueInstant="2020-02-28T15:01:34.744Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_d87218e4d3994c2ada468888071e0ce8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>3SkeA+iTSft3v/mglzKeMg/1VCkSeD+5qCTqZ1wCVFg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>g2IKbVMIQwNw/MhS36K6srTrbykyRPjHks06AYs0DnEiWykIUrhZkAFhGE8AXgPoMiyODRa48n7XJ3hxD/G0WkoZ0mh/fMFsaMZdaf9AQgTwVHZKgx7h42MBvxRQQSw2ChFGXSRZtwjO0kYsmSysVVFRAHWIZmNhZEPbL/c1DvDBuvbN72/tucJdiOobjpASeZE2kbeSgzVKcsAvK8EwE2H+MEVI9PCwvDovUV/pVmCxztL8yNgtxJ3FcMAvqM5GFmGRmD/xFxuMKV7XlWnFMWFs5H2BGSZ09xa+cc6bvZRzMnQt5008N83xQT9Nydm9JHKJYlbdj9ioehRG4kJQwQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://localhost:8000/saml/wkWYHJwehFeBFfTC5" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">msmith@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_236e4e03-18b0-4a57-bf5e-a9b61452d080"
                    NotOnOrAfter="2020-02-28T15:06:34.747Z" Recipient="http://localhost:8000/saml/wkWYHJwehFeBFfTC5"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:01:34.744Z" NotOnOrAfter="2020-02-28T15:06:34.744Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://localhost:8000/saml/wkWYHJwehFeBFfTC5</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:01:07.667Z" SessionIndex="_a5c60a2b427056829bb829ed2970a77d">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>morty</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5505</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">janitor@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>msmith@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Morty Smith</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Mortimer</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:01:34,753 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8000/saml/wkWYHJwehFeBFfTC5
2020-02-28 15:01:34,753 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8000/saml/wkWYHJwehFeBFfTC5
2020-02-28 15:01:34,753 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4569ee59b4e2c86e7e45730c2597e19d"
2020-02-28 15:01:34,753 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4569ee59b4e2c86e7e45730c2597e19d and Element was [saml2p:Response: null]
2020-02-28 15:01:34,753 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4569ee59b4e2c86e7e45730c2597e19d"
2020-02-28 15:01:34,753 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4569ee59b4e2c86e7e45730c2597e19d and Element was [saml2p:Response: null]
2020-02-28 15:01:34,755 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:01:34,755 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8000/saml/wkWYHJwehFeBFfTC5' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8000&#x2f;saml&#x2f;wkWYHJwehFeBFfTC5'
2020-02-28 15:01:34,755 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:01:34,756 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="http://localhost:8000/saml/wkWYHJwehFeBFfTC5"
    ID="_4569ee59b4e2c86e7e45730c2597e19d"
    InResponseTo="_236e4e03-18b0-4a57-bf5e-a9b61452d080"
    IssueInstant="2020-02-28T15:01:34.744Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_4569ee59b4e2c86e7e45730c2597e19d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>JcjxulOAbdOAut49Xsup6rPGbUYxWA3mdLSGRDkJ78g=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>UTfISDZ9OUo4Dow8Txh58HP/iLpmQc2jYEs6FU9B6wry2kU+GHSvRU0uVvvLbE/ZS30RXNAqflSSOA7NktgWdKagzdWsmf7zJ50GeO9Ebrh/WpZ2TPXQenNqPJezeMHWae6EPcyKb3iq6rSaMHx2pL8TwznoSOoUwaSrwyUvLpb2s7ICC2FH/+ZCX8drGC2lYoYocKpkD02D5HxwEMIgAHoALARpovlsSnLiu5b/4RdxMalQ4l0rvylmg9209MKU/mpHoDscfnFc055JwLhRaNraRuWfcN1ttnL/lXCh1Bkh6u1fN1YWoop/A+wCSfwPuDF6bd3UEFWTpVC0Rzwfyw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_1cc0967f767c64793438dfa3724c411f"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_fbe4e1f28402996ae0964ebf2c141739"
                    Recipient="http://localhost:8000/saml/wkWYHJwehFeBFfTC5" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEIjCCAwqgAwIBAgIUAPqFbcQisiyyr7D8RMj6xoXRPKMwDQYJKoZIhvcNAQELBQAwgYIxGTAX
BgNVBAMTEG51Y2xldXNoZWFsdGguaW8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
MRIwEAYDVQQHEwlTYW4gRGllZ28xHTAbBgNVBAoTFE51Y2xldXMgSGVhbHRoLCBMTEMuMRAwDgYD
VQQLEwdNZWRpY2FsMB4XDTIwMDIyMDIyMzUzMVoXDTIxMDIyMDIyMzUzMVowgYIxGTAXBgNVBAMT
EG51Y2xldXNoZWFsdGguaW8xCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRIwEAYD
VQQHEwlTYW4gRGllZ28xHTAbBgNVBAoTFE51Y2xldXMgSGVhbHRoLCBMTEMuMRAwDgYDVQQLEwdN
ZWRpY2FsMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAmaEaimZ8Vo/ptX6JCxQd8s
UgmqOcyHosrdzfjhNQJUrhhJJnCT15M/xj7eNh9qkIUB1xWA3DXx+AwH3H5aTZdY2Dmw7rv9xVRE
kexCvbSxFwuYIGkvEFZFSLbCm5n9hvuClN2uwRgz91/8YEwDUCj6GqgsIsVFiNQrOotvP+SE/wVz
vqOCCGrbny+dSKq05UelMjGxE2LYCWLdUnArAzIdpCCPTRJfxx2eSdZN9ppiE68ik0LFj95UMwMm
Tyq3j4m8S4f7+BgD2QmNqE+s7PH44bKx1hk0yaDPNxyXBiAac/3GeKZ/WmqAoO+cP2ee54gWDRp6
3Ig88WXbfVWjFQIDAQABo4GNMIGKMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgL0MDsGA1UdJQQ0
MDIGCCsGAQUFBwMBBggrBgEFBQcDAgYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEFBQcDCDARBglg
hkgBhvhCAQEEBAMCAPcwHQYDVR0OBBYEFCw2YWl3Pzs+NsXlTpwD1cL+lSPwMA0GCSqGSIb3DQEB
CwUAA4IBAQB49PgenJv34xXjMw7+CoUbIIo04awjfHT+47R2+HwM5OGgqCveRXx/2ysMCjrHteTJ
bwKbFwdYs/6sbZBHEyKkrSZoJHYC2ffTzPoS0+5wwBVkHcMQRY6591SfLlSnYFaGC/Z7mM9xMtmX
BNTEibUrZLqt0aW54NhSIY8sudePnnOmeB8BcyJlrRf1vfQCHgeoGHCulnx+3J0qOLs6UYLsvVNv
mGS3BW2UMwWL9xsMW2ORES9uY5IAB3KeSletarIDpKChmn72B5vUOwRtyZMEf7VCyWz+1JStrLFy
N6iIc2qoxrxCQH66OPdHEU1GBbrwgwdNs1pVAHahzuJIL1rb</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>PWKF7yxnFIQBBjWSXpVBh1KibiKX4X7pOM2vDJP/FVhdhXDA2fO8SKktAEEDQLVtU177rGhrwlMW9DWAfVbFRMvNru192YrJOpHcypS3rRMjvg1Dz1bDU0+1XiquTxPEoR+J7M1XeqDdlgUW3bPR5PaM1kT/scKfmgMoAM3EY9CAnfnvJ9kMvepmFgC86DR1NCUlp5tcWGzlgfiv62UIB0llBOkcGA7NQo3BaeUsgalXsoxZrpNvn+BZTgPoVH+ZUTfJifDk787wYerg8m71UQ1D9pqQ51tzicCKFTDecJA1eSykG0l94xHvozew6uDipdin8fu8yQQGLg8ZZnzHJA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>/ZwT/1NYkOHGqiBxB9oav3qNcR+0+GeW76As3JhNMnj9wI8ytQHH3U/w3LuQqIDCgc9Q13ueIHFinQ7N90alDApNFwlbTF0KLdj6AheOGKFSckQ/AccwyztiqqkEmXleo012ddSNIWVW6tAFwJ37N3ZfY3obUg8SK/+800L/gSi9FO9O6SpnxqsvmfzPtVuus0RnztLzpWcm2DH/M/4PEOsdd48QwUkLXFlkp0rTJjje/soY2OnzqF/M7hk5OZQJNXRse4KfCaRKwHXpQtM76XCXLBSWTtBBSL0PGBQa7lfdbPmTODXs+BquNexZ0dBrLoeehDhCZCxYi2cT3UUDHD8iTZ0id59dOe9LYuwKVUI6GgHu3OXeSD0p/BiHy55ue67YWRmWKogXvo+udAwhWBt5Tk7jiLHvVnQvsMb5Oyl2+1IEj6W2Pe8lkG7Jhhg4SxccbYtR5aQoKGAhBTO7us1rByn/1mqXZJZoVZLKDhgl1FMEyIn15bjmrm3dXu/bE7llZt3rlufnBocL4RaPfSUoqqvI7yuUVPNuXz+w+q4LRYOb9v64pu6ph0RpMnw6JEYqtRKfOHV3fgJQfJ5bzFYa7gk+iS0xbvzOu/cfsSNWyPyN0ztOTNNnlvCHHiBv5QvCo/yvm/E4AVq+3jFK0f3bkrkPOyIxRUrXVUT8OZ/I4+uLg2HZOCT9dUBrqmNs+DsHnKzmcj/BYrdAnFoMaXfiIGGXPVmmlL9Pdaf8RtMX+PQK010t8QV93yDFO043pTRxEFc886KXqHIeMI73HTgcneke3bzkRRUHc4LV7C1VyNn4Osgx2OBox9jUNAoh2R7og4vd6seub9gxbm0m4bOJQroDrUxRjRyRc8lCaQGwfvC3rK5LSgy+8fPeMLJcmxpHPeNuRUfDYVV/wqacq4jEwcfk2sxKQEX4jJgAQm40REtQ9wBp13LqMo3qq5irVGy2aXZ8XO24UmG14HSoyEsj8UVsqpdyPOuw01TsPEgNBc8qB/S4Yxllj8SO7VtZa0KOt9I9jFfyqFZcydJpaG2t6/iXv4xW+4+wyAlbMjofaT/NwIXP4isONz+N+XXa4tAiwxUmuNNuh7BuZL1ja9X83RJz++efQw0BwMBYkkFzQXIXruygFF517Wpv2TGtNwQ6vPDW7IUqihQMreiLxVV8zj+idOtib4gZJ3bExt8b4+3WBTIqVW5J5XUgzLAjBSIxf9ZHndNQAwzrDR+uS6rnrlNST3DuxH4vyu4NxoT4YyQvOKH71YLIOooIIdH0fDxk+n8lH3UPk+pqQYspofqX6/pBSkycZs//413qe4O1ADig7aIA2G40vLultbguEJLbgTle+gqVYk+4wyjl1r662aefpkzhubXb5Oh7H9qQbw5cl9FibFZSGUAVd60SNfOVkkaofKzdWiEFyiBYAKKguPsNoJ5no9JPe589kqp+Q3gx/SYhlUSPVW/gcmYgoUfMGj6rkNrvSQEf4s0mFO657OBxuHqCjHUlo1TtF7bVVdSaGk7nokr/0PvZHg2nrn2pTmeGc9KfEjHl3JIdFUNQTv3acpOiX+PERElrCcX2VJssaZi1xY5gzSDXraM4WsKSoN+sBdpnLVenCCeCfGu2vna2gguIaWCB7GTFIghsPeJiVwCxTIQBjcaCurymudA5Xh++l0IGsTrzos07MQGrY34JBVxaQ8T5WlOn8WBlG+TNrUb/GFGwWHpdsa5tQEXE7QeMWEJPZH0y1COV1qKjWE2X56kwJ6wdFKVj2bjMloiV2FQlDDf8DWsPohzMXLbD+LYpGnbkYyrFLNtN1RVKTExL/mXUDfBjg8V0ZkttAH20cSn6pJ4/+SXsqIwZJIxi3IjTHrTyQeJ/9q02z+A/SGX7bQekVFuVIdXcd1DTRuNtc9na0jeDILVGB3kLAPN+JHhdUpuSeqstB/AbshuBoUbefWlgRYvRgxzWel5UMQ+AKjitwZfeCI2Ka92Z7l/3LjjzeQRPbiH3F6gNKE85FeK7269Qn+8h102WDEu5tqju2WM0PGKuBS/eT3G8F4RsCpfovPQ5M1BVlyn6Rhqyc7hhOEhbAY0krFI7Jy/beV8sau8hHIglL5SYEZmxTH3CFomKmoAzeFHCMqVJPjBIAShRygOq10yXIV85NivoCvvcfqksBS2J+xDftHm54RkXlBiCEThUREt4vg3QhF8QqtHu98Guygp0dyz45WdN6QBVCy0R1TrdlKe1DekA8/HMJFeoGwJdBQ2Umj8h8zdoTuByvh+57entZU7q9l02r5RptoOs3noCCDQKqYyA87mK/EE3wwoIkJLjrg+ruFYOIYkM5xl0wiwQLZJHRuzQWmPdaw3xHhKrPeKiUqSVKVE0veBEU0S0fbEK66SVv7fBQd5kNyfJ/9HGcroDEHa3ZfGg3GF5Q8R5OsQPqUGr3/v9//kBQ27Cv4kY/WEm2T86tVL+GNNKdGoaMaPPQQ00U/pTwe/p97ud0D7MaBhYd5gKqFAga3wljb/10IZGsalKQ0CQMzFNegrnWDDkfVcJFNzoVZ2Y38fR3QKGv/pJnAsvh4InXD+8406Ws0xbqvH1ryW8ozA0uSEQCmPKKmlx2g55wYAGAl+EaWJbCzI43q2d1Oo/YKu1Jx41beJnTTQJCgE7DAhLylXV8uKK+yvIZHbEOvQqJMwPVZPcVsNgvAIq+px200YWvojFjUGGPClwbQDrtDedhG9LPRTUbUJKyD4kae948+y22Yiw6ZsGI1OppJ15QPjxIR30YLgbZN9TDTMJ5UcgvualV6x3ZDq+eAcvoOR7jPY5xDioWdAgdknbP6/Te+T1XctVEu2wuBU8DFlH2Yxiu/UvncQt1Nn1DoRkScfv83QLkdvyjTXGjXTy40qvwwhyPK0JUzO/FjiImBytlS98PphejXfiPmR4QFhSoGViizUhSiDL72dFgkig96Agb5yMlCHWulUQaAk0OoiJqzDftdqb36N+PZKSPkUTIK5fWRxfZbiFFNXWZMGx91KwUJUsUo6xv4DAkdT7BPpM3yRJxpZYdWgovv7t3YirlS1z9sSRexbXRZRdEsdE56P6lUq/yHsx3bDvcxkzGlzWFqP/cZjfbA+3No/0I7Hqo2dBLk028a4zYGnMv8rzRo9iWsLydOi0dHzjQlR9idvmaddo1bgDslaR+CXKPCBAg45Zf2JdsllLPqRSK1f+/zoyz2BmiXHM4x3CSpXBPTTXJFh7f9EbZvR3hy4dtEe43goKVbk6jszOvk/N6HV5wXwe3581BLYmVOTrRfYmB+OzeZXpC8pvNV+Mfm/MdKtiuMTZy8+sXj1X4DOgPeeHUQ2bRC6oM3YdOWpwgvR7F4VfNx9fL3hD1OEzlZs96gAsQGEDMEYv1dt2+j7l6QJbbVPabpI2iA4V34DBghoCE4dFrVIITYSYF54kLtShCaKUd5D/76u2r/3EuimJdc5Qx1MWxdj+oiRX14lOrzsRZYRlmWOafWDexG66VkM6mfIQGQnyyaQMOdbGBmXTq0MTsw8OfQLFaGTr4QIqbigiplbxUQ5W1tmI2E7HTv245JogMwgRO+FSkeNLzKyaYGn7SyehMdbRR5Ow+BPE1QPFq5kFIumN2PZIKwlcnHig/GjRnFU6F6TkhfRvaL/o6D92opsgFWKGIkseDbiQ4Rq3a/c3gnGAtzEn5nmh8Wz9kc1ZO4e25Jm6YvET2Aa5FJsTCv4JNgwWp8Q8HsCBIsjfNVmi8JS61fZbp1umr1u8UqzpoKIhC+N4/cVlBFj5owJ75SRt9Bm/BayYNY9WYNGuMoS8vJIrg8+aN4BZ0Ln5abrk/3eVJ0DaSGHChDHQsLbG/Oe1P3i2kpzQPZGSwFuEo2Klb8oWJoIKjKCo7Ux4H/gD+NOvj2lGk8eqbQzwn0noMZpkOK4wXfFyMcHS7JN6m+ALMUs1l6NvWBTGOpS9SLLWsxXSQEGRsm5+L1N1ATKufsS3cYQ0xjdSZQkdaoa1ZItpcc2zZJazcGldIshfBjx/nESa288qDf3CWgxWw80SlicpsvwefVjUZYD4AGYPjav4lkY5UKbYnHauk3PzsvVSsm/jSkP2kyE7+0DXNUGtrUAmyzywJ7hYg9fJwlF1ueeSHGsIqnA/2NXuo9+6kZpJvzlQJCakVVrbdDofQGuMIsxxVvm2a+WSx/ZHz8KZyB3jJGBV16IvZkF0irEO36weGy0n8XzYlfoc2Hh5ccVr2Z1w3OTFLC2O3EBBvWXv0yDNNfsccNvzrTVgBN2F11R5EVTbOylnHfWFB6TCVfTcPzvePZ8yO52+MLOWw/1gfQa3pp0DcVy4Rwy+yVTfH3sPkRamdnsiR9c8oINH2MujMvWQVeAc8eO3heBpAn9izMwhF1NNN+wY61KoMG2AZRZbw44n6THPruK7kCDY0ayNI1rRzOiz9RupGa9gJyVQL68lQH/L3rTC5f4gKv6SsGUb8SWxVn0pHTI8e7Atu6wDfCGyg9Ty8ZBFbPYZFMzTtoV8JRg4Nm0o6EngoM/SWTMjP2mXcLWRONkBHhon5YG+peN/1mLbXiRpb7my0Snopopu2J63DuNz14CZqiVZTEbDC/UurV3DXuVRTgyqoOu+jjRnwAvC7o2vQ8ZgBvWXp7ms+E7HnBnbEvnYSrIjUJo8VU/dApE2oEPtJeRfxqHEA/MxsksYTI8zUr/B/plBwKKa3uUL0IvOpMYNeioO2u/3lGwZknFCIjA8YcG/kHEh73xFF50bu2449nhlGmq/JDDdCgk+rKAfUgk/GMyV2hXV6Qvt4xy7+FXBFmocy1YAHg2FBa9pRdLpeKpkKj6oc+NmEnE7wkaS9wujHOCzaNfz4Src7+WRKHZh3oP8hqxFmpqAkjtA3CK770djcSSP5LvGkkbsCzAvf99yBLeUEO1PnHZR/QhmiA6ise7zy0TBRhEYO+1X+VqT/bw83F36m3AJR1LWk/aYeeYuROq8ZPm1bwNaAhPMVcrfVcQn+DANuqT0+PqkT9pPRvXMyOXPYcGVOYfNr3yyTAZAqu1+VonokvufIPTEMFdk22lvaMCTfS7x4E/0wMjH+2/1/JeKO/mFma9QwdxGQOmzv+k9kM7ShMIuQuIw7G3bGgZJ1W+C8lwCWXZZNLPeJqibXK8kSqUDnRbl3Rl9rE0TT0guOr4gXj6OFe29M27N0iCM73U5gcPaOwhyqgGYH6sbzYy2qH9SofbwBPBP5hAFV1doBKW0tMhxvnEXYU3piDBqp0M97uhYxG6h6jpKoLXtD83cxRBjEYhl7J7JQu5yM3CXxOlY6Jm0OAIEL5GG/U9WLTNW4WXkeLUtkVm3heUVplepxaeF08HUG/cnOCyVWpBdBhUHGqZ0EEP4dn0yjy6KXZNT+OwNX51IxCXQzDJIHPjXkgSG0a47eOJefKSfp8CVvPnOTQBOyeRJmD7v8DU1HzC4DoC3AKLE/GubTs9IZAjIwCtiy7/m8BStOlgVxlA9930hXhinXnwuyazXZ1QEQK101MEdgu5A9yY8DCXrAcqSZH41xlJoY0Jq7aZKIDZHNtahvRi7K1C6Slye/aVVmGrZ3hsZW974oJX8DJ+67m8IStI262QGrlU1Kgn0X9nTh9+JOjafr/ZQsNcXh2XaNNaYC3nuzFZIuznEVgtV0+jIWFaFtXelFAwqiJYSgTYBPQJjeXCNwGOqBlpaeNoFw8CeQFNlgMlKw96yJzJvB9D5yLIylhfviNLgRmyRxmCjqux73xRHrDy7Tj9VRfdtt6iGv+Cx2InKSe5/N1i4mw60EgbxbyRXhr1s2XxIexa0x//0UYRJlM7o80hBk4unTCX6Fi2SyvXjdT1Jd5kfrli48mxSQto9fSHHjx55M1Dt38jcxepyAS4w+4/fufJ9VRW9YN4ktQwhgn4FHlcMI2JYtidkizBAYAiPv17gxDJGauJ3NemcDbiYkQdHmz/TcNfQpQb9LYy4laGGi1VOHA14xX7SeReU9VHUYXiT9oNF+07ux0jJJPEeaCjbbaZD3Mi/n3SvyuWCZgKJroJYCgaMWeM8UgRR1YxGzjMJZgWBOJH5IuFUyG1KdWrIBF+cNtq9dpGHqt6nfMiKOW93osFSU5VBPQ1kb7oUvyRktMcc7H64mmn+o8UcISP/GGdTv8LlDLiGb43sjmRMP03RcKbK1kLvwcEEE5KKz6YTGqE+Y3OS54AfSWGc5ruK29l4FkGHFjLRtZqaG/qEEefOjPVgUzdtOJXSMu1dAUT7JUYzYIcRa2bWvjsSSq2btIBjapjll5xR+y/i/xe+/8E4v/E+Fld9RFAF8C7R55fsQqoCjfiRwEOOeFEstJz7LJmRAwc/da+7BNSppsfAShPXbXuGheMNiyD7/8mzniVgpAVYZJf4+wuXmE13Jug9VsLTkdTZRyGBC2ZmKxy5E8j4HsC7grtsyxvHDEfnBYVNOwwkCGXXe2r6+6xk9b5BQUVyvH4/4HeCoOkxk07t78foHt7IgAs8QjcqcCq/k/IqkDnOrt6Jbpdx4AfsLAFIwMFxMSwR3y2W4Mno7LbgZEDSzBuAkDmhgeyVkUVdtKdKarrgAFuwWohZKIxgng3jKyigN6vPvHMcJBX0zZj2ly0WA3zY6fdx1XhY9soutnPd08isZoKq19Pds9mtCP26q7TaDuV7WZYtf7MG9j9PEVVirTcw6nUaumwMfgS1D3mAKdQ3u/QTEdyhaElgEhN3zTD2ICUOlCHx4PSPPrZGXpz2GuTt70V5F3oH6NvGZStOKoxb/N+zu85NXS+/DkpeFBgdFAU+2y5TBzHROKKqRjlcMNengr4LYs9GQuXAg5S12Y16THbF0978jCJmxrSv/FVLdvtLwfRmnWjLvBtgRKIMvM5mrIk5SnpvVm9d1EmhHRCtVDu2/CgX9VphKNJgo+cQwH8GzsXltzYX3ffPiAIRl5vb3IcA7rQpAtDM3N2t/TQpb9AT2j+t41Tpus2cEveyCuCYqGzGfyOgoi81VZRfRrXztfxnZz1+I2p60oxeR2PFwsifU/oV3tf2/EBd47Z03/WmXOCoXgSjkYQSJay0wvXphtRX42QWOr5x+KfDh/jw+dV/dVA8FrwCVWtjtvVpac/5NSbwLiuKCv8p0gGH/ZPy0FUu99TXCYAHAzsGcp6LTATw6cYTSrZQS04Qo0s1BfmDZrk6wiT0hu9VeiJ6zwolC3hzV4IqLsaHPpzVLuSxKBqJrAqCgBVO7dCi/m+djzz531Z7KxdS14mzGtTkeNEipTQVCFBh7jOVaX/ty6r/eGDdIuqp9xDCCFRveZUx2tB0K0eG4kRSRo178zeFwYD8TVFIMPu8QH3c4UQ1DwF9IVNHCOaojxchWmJ9wrMy0dAvFRZKwrLmbfEPYzkdlDdojF8euX6AV243QMgc7Sgd6ZwX/uuOWGJoQgMxYIX7DPswGHIjPDoWyZPy13DYTVyhFHuFlGVEThRgqRW3MQ5skHb2BTl+RL4VFkgZgF5yxoqlFMr/ahc9drYbR/IsjRqbvHO/h4ARDvbHoY9dSo2WPy9ryJp3fVa98xBwW67u2v4yfbbJSkjRPI0nOONtOGREY59xbawjW06Nk4CjaSpZClqqJuAAO/IQhcaDNAQIYobTCkW//QsaZm7+3ZMDq0rG4+YuDq0dWc7jFZUI42EMDhBSIDNl9CzgDVL7MRLwDulaab9LZZJb13yDLHLdRYEnx2g1ukULXrfaMzo7YsiG6ij+WqNxiDkTetmD1u5ek7nQO2X4Axmc2S7mrlF/ix2NuTF0+Hs98a1eSA8HIu1xmCGV7JfuUknt1ZAo6OgV</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:01:34,756 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:01:34,756 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150134Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_236e4e03-18b0-4a57-bf5e-a9b61452d080|http://localhost:8000/saml/wkWYHJwehFeBFfTC5|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4569ee59b4e2c86e7e45730c2597e19d|morty|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|identifier,uid,telephoneNumber,role,mail,surname,displayName,givenName|msmith@samltest.id|_d87218e4d3994c2ada468888071e0ce8|
2020-02-28 15:01:45,963 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:01:45,963 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Recording do-not-cache instruction in authentication context
2020-02-28 15:01:45,963 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:01:45,963 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1850556964::identifier=rick, context=org.apache.velocity.VelocityContext@3eaaa2c0]
2020-02-28 15:01:45,974 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1850556964::identifier=rick, context=org.apache.velocity.VelocityContext@3eaaa2c0]
2020-02-28 15:01:45,975 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:01:45,975 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:01:45,978 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 332d1f68318c82055e95bd348fbb49d2fe54a5736f0bca1ab010a6bcdd759f5a for principal rick
2020-02-28 15:01:45,979 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:01:45,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3c73de44'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://localhost:8913/saml/metadata'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:http://localhost:8913/saml/metadata'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:http://localhost:8913/saml/metadata'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@71b1f47f' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick' value '[{"id":"*"}]' expiration '1614347153155' as '{*=Consent{id=*, value=null, isApproved=true}}'
2020-02-28 15:01:45,981 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:45,982 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:01:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:01:45,985 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:01:45,990 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _79a3d77789a726de087c2ed24c143294
2020-02-28 15:01:45,990 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _79a3d77789a726de087c2ed24c143294 to Response _c5a4773598f42150d12f06d1462f7b3e
2020-02-28 15:01:45,990 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _79a3d77789a726de087c2ed24c143294
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:01:45,991 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2020-02-28 15:01:45,992 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:01:45,992 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxNGvlf0t52g8quqBQydTpiOEXpoGkBaBoSZt77qLQ1ZAuaUnzYoN5YCN4oBVpE1R+fCUqyd/Jwi1PC+nDz0T6xFDOjNm9QlHCMNvkmAZVmv9bn9gGwweIypF12CVv7j3+M+sEi0sA with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-34a0cd0a8452e47f5075da529611e32787d35949
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8913/saml/acs
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _79a3d77789a726de087c2ed24c143294
2020-02-28 15:01:45,992 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _79a3d77789a726de087c2ed24c143294 did not already contain Conditions, one was added
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:06:45.982Z, to Assertion _79a3d77789a726de087c2ed24c143294
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _79a3d77789a726de087c2ed24c143294 already contained Conditions, nothing was done
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _79a3d77789a726de087c2ed24c143294 already contained Conditions, nothing was done
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://localhost:8913/saml/metadata as an Audience of the AudienceRestriction
2020-02-28 15:01:45,993 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _79a3d77789a726de087c2ed24c143294
2020-02-28 15:01:45,994 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://localhost:8913/saml/metadata to existing session 332d1f68318c82055e95bd348fbb49d2fe54a5736f0bca1ab010a6bcdd759f5a
2020-02-28 15:01:45,994 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://localhost:8913/saml/metadata in session 332d1f68318c82055e95bd348fbb49d2fe54a5736f0bca1ab010a6bcdd759f5a
2020-02-28 15:01:45,994 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:01:45,995 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://localhost:8913/saml/metadata and key AAdzZWNyZXQxNGvlf0t52g8quqBQydTpiOEXpoGkBaBoSZt77qLQ1ZAuaUnzYoN5YCN4oBVpE1R+fCUqyd/Jwi1PC+nDz0T6xFDOjNm9QlHCMNvkmAZVmv9bn9gGwweIypF12CVv7j3+M+sEi0sA
2020-02-28 15:01:45,995 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:01:45,997 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:01:45,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_79a3d77789a726de087c2ed24c143294"
2020-02-28 15:01:45,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _79a3d77789a726de087c2ed24c143294 and Element was [saml2:Assertion: null]
2020-02-28 15:01:45,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_79a3d77789a726de087c2ed24c143294"
2020-02-28 15:01:45,997 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _79a3d77789a726de087c2ed24c143294 and Element was [saml2:Assertion: null]
2020-02-28 15:01:46,004 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c5a4773598f42150d12f06d1462f7b3e"
    InResponseTo="id-34a0cd0a8452e47f5075da529611e32787d35949"
    IssueInstant="2020-02-28T15:01:45.982Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_79a3d77789a726de087c2ed24c143294"
        IssueInstant="2020-02-28T15:01:45.982Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_79a3d77789a726de087c2ed24c143294">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>zkdupGEvlkOAZRpAJ7m+1RtMsdS5aT3NNVk9Hq0oypI=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>pOcp+l4jFYF64np5cdhky9RJ9wEvvsI6paDWr9wi7n+1vZx5iKnndiVL3u1LboQQB2/tbOhin5UHBZct81uf3fuIvf00TnDNXjH6E6TYxdz1WRj17VfzMp4kGIcaVyc/lSuzpYfg26w+FDZn2XVIzipwhvsnxipvs43dzOwiX78OFUfjpl1X9GiEc6F8VgqHuaQx583Bs29i+lJSreYt0kRV2UvJC9tlRyqnByR/JaaCHa9B2GigeoFrUoN5V6z8WYYifTYyKAgyWptHMpb4AKvV5+4hmWK/ZbOUmnIKdXYrvgM/TPMmf/KmxgLd+jB0e9cnq5ELuR/3YqdthIIBmA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://localhost:8913/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxNGvlf0t52g8quqBQydTpiOEXpoGkBaBoSZt77qLQ1ZAuaUnzYoN5YCN4oBVpE1R+fCUqyd/Jwi1PC+nDz0T6xFDOjNm9QlHCMNvkmAZVmv9bn9gGwweIypF12CVv7j3+M+sEi0sA</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="id-34a0cd0a8452e47f5075da529611e32787d35949"
                    NotOnOrAfter="2020-02-28T15:06:45.992Z" Recipient="http://localhost:8913/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:01:45.982Z" NotOnOrAfter="2020-02-28T15:06:45.982Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://localhost:8913/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:01:45.975Z" SessionIndex="_fc8706ac4138ca69bd61a6a05ab5c75e">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:01:46,011 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8913/saml/acs
2020-02-28 15:01:46,011 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8913/saml/acs
2020-02-28 15:01:46,011 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c5a4773598f42150d12f06d1462f7b3e"
2020-02-28 15:01:46,011 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c5a4773598f42150d12f06d1462f7b3e and Element was [saml2p:Response: null]
2020-02-28 15:01:46,011 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c5a4773598f42150d12f06d1462f7b3e"
2020-02-28 15:01:46,011 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c5a4773598f42150d12f06d1462f7b3e and Element was [saml2p:Response: null]
2020-02-28 15:01:46,014 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:01:46,016 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8913/saml/acs' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8913&#x2f;saml&#x2f;acs'
2020-02-28 15:01:46,016 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:01:46,017 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'yIvL73GskW_UX01Llf6pthUA21GifMGH6UX_tYWqop276_SXLKyhg1ny', encoded as 'yIvL73GskW_UX01Llf6pthUA21GifMGH6UX_tYWqop276_SXLKyhg1ny'
2020-02-28 15:01:46,033 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost:8913/saml/acs"
    ID="_c5a4773598f42150d12f06d1462f7b3e"
    InResponseTo="id-34a0cd0a8452e47f5075da529611e32787d35949"
    IssueInstant="2020-02-28T15:01:45.982Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c5a4773598f42150d12f06d1462f7b3e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>AvkUcdRW/YIKRRGW9J2nnpxBH71OD1ePcB4lIQzdsXU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>sl6k6YqAMW4c+Da2UYebCjWar+0abhC7XwKUeyK+FSTL6DcHhuduDOQJzOBa3vrEpytFMWpX7Wa4OaNsn0ReneOv9/druemy2mKsQ3AOfElNNkiY/yKegREvUH5BIX4G0a4zj5BugqR/xAzWg1PZrxKK/YUTMSpxAxLqoV6FS/Y5e1fNXI7gqalCWsam2lRP1Z+y/OcWk+Rzwx94XPYNlBh9tetp5CiAB5/voaKL/WFetuY2FfQ78NaI/Qscfq8gjXzlci9RzDtK+8hXJ4fo2FhEkkZmXHwdMr6vD4Ncije0/fWla1eswglgpUkpDCw9U2N8awXbSXdFfz821Umojw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_54393fbe32ed1f85c8c774e6d05629f7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_319d5dd7143809f450baba4a90dc779e"
                    Recipient="http://localhost:8913/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIID5TCCAs2gAwIBAgIUOIufj3SGPNgwF7PcoR4/dt/tl+YwDQYJKoZIhvcNAQELBQAwgYExCzAJ
BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMRIwEAYDVQQKDAlsb2NhbGhvc3QxEjAQBgNV
BAsMCWxvY2FsaG9zdDESMBAGA1UEAwwJbG9jYWxob3N0MSEwHwYJKoZIhvcNAQkBFhJjYWtub3Bh
bEBnbWFpbC5jb20wHhcNMTkwNjA0MDI1ODQ5WhcNMjAwNjAzMDI1ODQ5WjCBgTELMAkGA1UEBhMC
QVUxEzARBgNVBAgMClNvbWUtU3RhdGUxEjAQBgNVBAoMCWxvY2FsaG9zdDESMBAGA1UECwwJbG9j
YWxob3N0MRIwEAYDVQQDDAlsb2NhbGhvc3QxITAfBgkqhkiG9w0BCQEWEmNha25vcGFsQGdtYWls
LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMc8Ibyac2q/dmhp6uCkpBVghZqF
4ot7n9mmCuyMAIm8DGB5wR6+7KK8tUs7E61/dCsfEosxHAeIOqTd78CbZPOkrA6IpWVODxRHXZB7
Y6v8TPiK6ip2W/4uykhLEYsiIbFyR37o/2G6farRMs29BT13AwSypqAkra968g2Zqz1MswrOxK+n
R5UwGjDqHW4ipQLCsmvmR8LeQd6QV9LHqK6FHNaANa0uWSKaQWqBkGEBw2u6GigZsK5/BhRZBw/c
PzbZOzarumHHkl5zVACy7X+WW0lCFBdwje+V4TUnrlz36BviPQzLlEKjPTQ1ORSWSHgUHekdwx07
5t57PPyMxj0CAwEAAaNTMFEwHQYDVR0OBBYEFDrJfihwQpMLfZBFcG+HWf4Ar1C8MB8GA1UdIwQY
MBaAFDrJfihwQpMLfZBFcG+HWf4Ar1C8MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
ggEBAIhDash+SZIM449+CbbkmBH1TB4yi7gXCDNKEoZEywdkpTvwoNDzmcq4y4jGhHc1+DNu/o6p
9DQ+YmhPlJLGMhjkfdknXPbqLeIVfJ8mOIPTXXgighI/EN2+xMru0qu189aPsebYeDpOgtev62rt
oFgT29g2fRMREZOfO04HAZOzSbOd358DEs0nnQcLL9hp13qFPPHEPZP0ntAQUSUdJa+OdcNI+jkB
4P64SbW6z6e96/NRqR41VdnqKyRdDHrsrm4dWa+XZD7uzFmtJkSRuYAyZXYQCRD5GCyGLR2bJm+t
tQoNlOzXCgdJa15HyUKyd5OojupO6lK6EwHg9HuJQUA=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DYV0IXEI7724e3fSk1jrQSnomDOCPI7jAgZ7yyhxx0f7UhKi8v2aFUjkYSHpz4OLRqoDvp8Nb6Sgetzn4dqvaD5H+jeHVMzxVn5i3GQYXws4LpOrn6iKyn2uy00T5vdzFkOxlgtcE+bsDEqxargoAYuDayPpaXWxaik88AXyDZuNZqTX9q1YGXMwBxKiycCLYCPlGbDy0FkvIQPlatjzpBK4I1JxoRbJWnlXqIbSwZJ2rmxmLSURIISqPJPv8sOa99zkksdRKYYF6tycMQjFUDVBuLzXi0k4YHB6JauSvyUsRMMfumvJS9WViYm7z1K3kzctMDERkoXcPsj56wX97w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>uou+11EALeaJqBF2JU6LP0ol5u0ZQaezbYY6v9xdxWwX1lVJ3O8arc1KbTJSIF6myNaRSI0+iU0TDlm0pT2zwWZ7PdXbAH9Ya/mZfw5O91tpbm1w3hTHUibz9UiAqNWUEF4JiOtOZ3/4B7yT6dsrZAv5/K4aHjDmXaOERGGiS+YtZZsQmO73Uz5fu6j6ilBIw+Zw2h0E1plYOa+miHlcq0Kkd+Y1EgQUF7f+expA9MHzErbllQJlYbUtDWZoINrOnqn6RzKMgjSAPL4odT3iPsNIazYSoi0JwyE979xghc/H8IYU9ghXZoMigold4LkWBV5GhBTe/FhqNAiP+cX1awfSfo6QzcR5YTWHPqzB9adIXtKMgN7IVpClUO2Np2y8wHGraxw7dJQOUTKWboWBY+Nu9Dd/1t1ovqCyTrhiKwIwh/5Eq8/1bUIOSWAnAtBFBh8o5yTuDTSVVNx+68DQcjfiTyykv2Bj8xW46Py1W3oG/dKxSaizCDpC95ZBwzxY5HYDNcFL+lN23UNZyjMK6GlsYSuJsPZDb++HuwW412Wb+l0LWdYZCBnXaOWM5Tn6yX00NnkTRjeI/NiSJr/7X/7p6m4bl9q0BvFs4OMJ5UDK69zE783cGOiCuR7AgHxukkbu514anNG36WZEjmwMQWsffZITzWq2S+FZpORqBAYos/6Hms1du5UKsH/JwR6qVSimxkk/JVPQie+ju/ZOD4ep0GXmWEwtyl9El8+K64brNfZ7HsLP1gJGbZcN7dbB1cGKtKa6i0piRGtRaXRgkmQxkmCIixNCJjr3RrsyDiesnHF2eEFqZZ5ExDEt0e+rEbSFTeYhJuPUgCX7E20QdUmni0vRebbUi5fQhc1qPWBNStg34iZMdQTzgaNWHYAYGOpjdEvWKrAX8p0Yf8IC4QfHY4nUrC868Jot7/FmQ3xUIs/h9fW4mp+8d21AuVqTQSRBmVaJxZpri6I0qBqRvNdSSdOUDlnkiCigX+FOlWZXhSOCkwNKasUujgDVgiLkvkRIHnOM7J6N99rc3wS0gE3N+pHTpHjRVfVKvfdiOblWuWQE7q6Pt3MyPQ3U7SwH0xaI12f0dhoHrx4hTFKDOubkGtN8eSD4DQh9NEdjTvYp9dEZmrrEv39kL1CauzBHpeleUvVt75xpojCIhV5PPoBOIzcYwqOODxaw5EW1FVhtIV1RWjq9oedioHd7NenZH8LAqjNwL2xA0si9FM1IWiyJ8q6nS5uziEiVM567iZON5c58tZ6xHmUuo+H7xxSkGdkg5RYpXKRyEm90N1UoQwMjZ0GP2ws+k0HkuJD6FQHu7XwrrugTlcrxC07VUFIucSIWsPfY4mB4U+p/1qQe/pAOFif+pkiLcvdMv9G3yAtiOiEBktXMgg1qfdB/0yvo6fqFDk7rxM/KcqCv0TOwpDN0+EzRwknbvbQWzGKrw3QIFwat66BBM3z1chj5WI0umFXOb9iUzKEr3ndftaTUEmzsAf1OsoHe4rg7px9WvDdvf93bjfIOHqt4bXztFEw3W0CTRHZoBkOAPKafOF1O6dnMh6Cc6PSQbukPNLQVP5ycxdof+dc0CQKW0Pjz5GzhCaEGXcjt85p9rLhltDhR3dP60uegiYFvFMDMR3L3ekwceWF8aI8NIf2FJe0p/y1sEzwAypbs3o+9MLQBrWF8Zn00QdVnB+mcvJEgUKuSF3DEO75jIl2LxxnxSgnI/rprDumvm+zSpiA4ChtEyfO5d8V6iE5U8lGUS6KaUeIXX0c6LI+ufmvFgjPiSouX3AXK7JVbwr9u5QDBrh4ow1pHQ9OvjRorVEykFnu1I4T7WlOq86FU+uxytbJRrHAOXm0IOW/reCfXScnIx0ViSkbfJr4AAkZRGiNJ+eopccL8sx/0yk6feH6yuAM38ozhDIqi+pYRbBpKS9w4A4lCzLfLZsrU56GcnvyF1BAC33E6v0qkVwZa4WmIPFwXdKHpwMFapPz5UjtF0v1t/j2S0qo8VP7dTmt2VKEz4X1y0gH/z1d62ZbUOtkQZTQ9u+FfL9m7RsA08ZZyWdR18cC4UHN7Dsq2+F+zefcdZ4ma95p3FODPLteDUQ9RaIZ5dy6SRi9gv7gCCio1u74KonvnJ+eBPbLpVQOqRUQR/kaWzSuqaJ1cg6JlDYNbSWI76phecvrjN8GtTB1zhI9xUsy89mHWpYxE6W+5WbZJHBXztBoCiyVxzjqed8Ysn2yOUk9czw8OwdgoA0jraz7hNirRO5dcGHrGAa60aZAgKGcF59P2z/pgrQAF6GHHYpZ91T+5EfiJYpPbv7rrWs8yoxzaX7fjIRuH0mmt+XCgIlOQTTbBiBMY+o3uH/D19mq2n2bKkrkKvH151VmKcVtT8Jtz3EaSwIu8Ag2/6R4KKMns7kZ/QW0SIlWCDnAA5Ktmoe4hL2J6y0FKSga7Y8VOkOebYBRDn0RXfp8rpgtvg9N1d4zPaLH+Rke49NdkAfhf9GpGkyiLebxrnv4W/k/DKQ0qQrziwxniA3xi+dnuXQ5gQjNAZi9AopQ74ZU+FJielyTNn2UtYLXOqmIHsgiqWYgthW7DNKv8usRpa912gd6kE32DWDKwYAliPPICNRcLDRld8UzRD/ph87oTLUyycaZBFRmuvsuQGIWDZ+nAugvIcULlU+NxXHirYoFEI3USlAnYUfUY0A3qljw5vubjwNKuV5vRPkwtlgR2mKz2ADqRg25KouYH/8/YftDWCXBwHOy3lxI5joV8EbjAiIzl7bjk6GDZgGQPgCTB8DmLCME5Cf67zBSUaZFlj26Q3qJT7oMPSE1bb1lgAWnZ5uYCl6U6DCCtfnrm6J5td0ho7ApxLp7QOLE/M/4YkbaHhsM8T7pJmUP7UOJhh5RP+rzxRFrVg79PUSWb7OOeRfn1ECWPF7m+DNx916Pcfavrr/YJHHYzy00HoDGKNiwuxva8tvRZhOjUhnX3qWFlLOT5FIPWONIaI0SDALdwM4v4OyvgJs7+mN+ZuOs9jK6B3nGkLmxWlzwAPBZOBfJqeglQI316WWqk+D5L5xbsyKtqIHKnunVHdRmmsQlP4oIX2JW2N1JhXP+cXg5+GLOpbzcLT11H4dk5WdiP+nvkUswCNSrtuo8dXW5kwniKRzEwj7Lyrn3KYBh8UrI1pVl16UOdxFWJww3ttPJikr1Dtglh1sb4a4NKtBm7FY82ljjUsTTL2HKeR7lTxXNvbvsGnV5LP1NfZi3sw8CdeytffgFHBspKZARSN+bKm6ea2bkzxljksz/Nw1FRrKZ+uCXniC0Ahuzn5x6Z1oZnSZtu9aB+f3pgCfnQMlnt1DnONxIMgjNicXXBmitJv8/kaF8Qz3LNr8kC3YJwIc9neYB8b5gNwyJkXzj7YdpXTtd8parqzq7cemdllWfLyhy08I9qc+AAZpSirtcih9DWrBg6WAzkXqQnoC0le99/dBp38xi7RS66E9c3/uQ4VEmdYdR604ZwtAsS7DcHwxhgBii+cAP05+NhD635BAaT5l7BGysqpgd/FbVRsceSO9rAyuN+uzIbpVMtDel31CSa3RAYl8cFPBRa2K2z+Bssr2yEwtbgZeWHDRwPj4eNc9GTId+nKrHYsEqmfRdmyJzesQAyjF/jGYcB25VuxT9U8ItVWSAmFugVZqoZeyQbrkYZ60iR9NpAMxarmVQeCIgZF0VRgHQrTY5Xiq9s6UyCJ1NSdEtqT9IxZ8aBQgCxzfbatxNh+jo+TXWRNziDyPbpqmtzZu6n33zpjYet78LLVhb9u1YkXHdelCiqc7MAiC3elkDQT6OpRP06yyu7v4A07VCTYoa702wsyKsd/AGStSUMPaGjGjLRQNGEBhJMICJ627wBB5TaZyIqbtzRzq1RA3V4ovNqVjhzjhSkGG1LOUMeyqft0/f1yt0QXleMl6z+egsHrz5jJpe0j0AZKcX5iR63J1GKsgPCk+WNq1DwPI4NnceT49agLiSDG8sDZPdwNkoOyDctoQJJr5AYMGiABSXT/faQMotR1sTX/H6X86D2p8uvcy2//iFVC4FQjse9syl2WYvETEWceG79A/gw3gZ+qDpDutxKC+pqLgcyipw/U1x7pqCu+gze2OV46Q80Fw4guhq49cxaGmSjhOPF8wUOOCSLenJ4o48tT30Eur5gEHdDvAfBYe2tDnL5V429a9YFh70Z96KYr1YurP+FQvRhRBqqlQuNHmZDoUrkBsautD6DJTASGmI8S7+nJGS1fjcJsWUnPW+JQ3Po1lgV6le+1pgaHANYwCt9lt6kXE7bV9gCnu5GYwQ5frVefAbAvjE6T3hhbFJd03yl38oaOHCDCNKLycOuJ3W6bggF8srJOIMC0lSjO2qpRqdFsjU8cLrJcyTRSQeteFMf3Voh7ngOBLJiA3ojKkmm+HcVD4bayffIK/+ZFBI6Z6gaHCENGfj5bUu1dipb/tMd2kTrMuaBj0ZqrQkUOLWn3Vp5VhXz7m0h6aB8K1vPBQ1Bm5j10GqlPJ5Sp9S+7YwY9LWrQbLK6a5Ie6SEo72XXFsmJE4Qqo3CSRZIi+isMpbN3ljJCHR8nyB2/RkuiPp+2MatWipyzRPUGACiWD0vYlHxioZBnD0R5FRb/2DbR3okdXzLZhArI9qSclmWKk5geU5/laTL98E8t3H68D6cWz0EXqUWVhQ1PoadtSd4HsjI5KE8r8fzuj4A6jZoa/MJmQDlvz5DjFTOaK9AFlEk0XkRk1CU8tVa2AauzwxKigeCbdbuq8P1rqgsIEHTFw6QIdRQKa2wPjdneXD7m2/V8u3n46XYGrrXms9bxJIQ15gFPqj9NAEAzpWgMPuYH3Pmv4929z2d3ws94mjR2YYCBqqHGnfd2HuXY6fttCBHHIEg/cNyxu5dLPv4G5Rcp1v8KrJGwVVDdJw88iqDpiwpMUb/DkSqG/+jWyixY6DBZg55s05n+y8sW0F+L+DJnDs8bUAhwSULLnyAzrzq6GAm/S2QratVy+gyi+1jxbV1bmRvmO68TEghfllthZBfzuBhR+PGhWh/EqtTVaP/o81j+mQ29mf0ZeEVNBxj2Pb/vW7ImUMVpOvDKWm7k7R55MwBX05G8tCjBZxsfidBUAazYQFo/Mot+p7JbvOyNW97EDXaPSxWB51KCq8FBOzrzgrOaAsMKnp84j5iVyOrOkMcd69DZNvBjlkJK9sL8afSDfKtUPTY6kfW80e968Suj+XOjCVP4fkWn4LxNMRFj3cpnA38L3kUsYH1Jjk5tRKWxPAn1II+GEaUAhyWYNpITxFXL5LV9lBKDwFZrgdxiQh5uphG5ZJZ2PjUTbo5uAT2PEkIMfFmjZqtraSXZAebdbLL0pobEDKq1sWcvKIoLMmGGkaRy4g/LKbmX53iaM72dHG5ZOlKzg3H4gTzAV4mZERpDsXbnMrDeLj71nciOkLfC6XN793g9CSCOmlllbDb9EY1bqXC3cwAFbY/+AX0Ae+Ax6b3uk0Y5FWQGafMZpN22InXbPx9A3clVGWfj4D7pS7S53uz1/tFZ1do11vQCWqum1Ifcr940J9LLnP9nhBth0ycBL/8YsK92OAWRd7arNgOfYwLhAnbjlEiAEPeD+Stvuox2VfQlFLcKKVCNTmIf7uBkajjNYgKR2Xs6W3lv37qyDLM6A8myZjvRJVFjf+brSX1XFXV4tdS9JZaKt1HzgovUFi+nWaHtaOSCvRayKWxygpyAQ7NSH0BtnWKN6fPG3Sa4tNZ2z5oP/cU7cfcparE306e6opQTV/XpslDO6UysOWxt0/BoJ8pmQIiXsiBQBdFiR3lZbaEX8ITI/kT7VBtjqW1iHsFzrxWe4EPeMaKSzpptos9pzVCTjFFKb67QMQj33cHV7/C70fUKc9AB/l8IRNIfs9hcbY9q6xRcgHSjL3ojz7UINN6/GPWQubT2fChfYQR8gq/jVgEGj0JC7egZYfqjwokq2LL+6sSBPXnoXVR4nfNsA4lY8tnNGLe7q/uojkZFX2zMbfNPbV73FL3jZtqYnluE8Wdb02aK3Kp6svFccmJKCbAqd2RUL5IsttuV9Vo03j63BVWnLjUDZ4YAzhEm9n6HpahBCoQbAYGduL2oIN8NW9+qJ69uDDng00IZ5ZLuCG7WZz7teMyhi9HT9//0cDO2LIlMX0Os+4kViCooZXdEsHA7JAOyydC1MzdJrBcTQHEEFvArsia8M1ANUPcNRWFeQbw/uzyuy4LF91iSiPjFzSYvYJyPB2iWJ4n/8gLqaaDgkQdNr4e91LN+sJT3AAtpBL06YwcTQbUJ1wlgMLUaRCZunqYCz5JHrTw+VkHlghYIw0oLOgXWczRh5xu0HYTXp8VGBdut8eeSxqPImi0G2I4hml0exi3XqaBx6iU5/yidMh4+5Ets6fVrDkRYBZBRDjIs55YK94It5WyfKLquH9mUdjYO4BdgtxNURZgo0+pETtQB2+XKo35GyM99JGhlR0PM/ddg5Nw/RTh8NZr9QwVi0kHmmDniKSkBf8k/6zFFn3MJnOLCmnpbI4ScM6oP2J86HVZeeULCcOk4p/JFtgbJFUWwVvPhdzswlCkc5dWwl3WSxrV9/MfNTq+2EgiQ3i/BiC0eWdgTa+WqP0Y7+iGczrI9H3ehK8tZ9fq4E8V5V9mlgETqbpCb6K0CAOzPWor5n56YbaezxvSb+75lkFFn7DuTYMC92iOkgQxY7iQB2i/Zjb//2enk5pZRaBmfQkgJdYfPUQNrMO9amPnaFlU7RrHH3wm0ZFobxx2puq0NQ/Cc17JBqfYiCf9LTuJT9Cng2BQQuXpCi1HxNJ7eWDJUexWPb5o+q22CpxsS+/TReLAb3vbz6HmsNF+ROSFU+E5F31VwGmnGHik5oqUWlhCpcO2zTYtjVD6OGjDSCvlF9abq1Lp66rKvc1ruVqcUHTHnhqPMNO2OLguGlbGpsEEfs7EPAOdJ//QYHlZLHuoyrVwiawWDpen5pBvXuW+mKG7zyn+7PgcU8Xguszn67TasoPu2/D/ZqNYIRDCj32PE5RayF7RUcXW4eQxYJ9a3yVSgO0n5i7jAhw29G8snMOXRE1LdlO17Tj9cLt2vUms9cjyKA9Gt5exmXCrbZjpW6VxxBGTajTvz9pWFO1vku97Y0RlHhiKDWAh5VRv0XqG4iV048/0B2EzbhlUzc2wDimV3fW6S4YMieduhim0ksI5yq7DZ8Z1okbIyr2yynAAnIXvcD/XPKTC7XZUzpHsg64vOqqGGh9ZNoY0yjBj5TTjEFvfUz0ZG+55HppzpPtrEKVAgFhgIvrNs2W64FRrHRTnlshmjF090+5Ewyqj64mVY0P+33/IaS+QbSOs+mBVf+er5GVErbDMn+HBi4jsxUHTUZo/iURrpY3/D9TmWMau6NwwLNIVCqa2WkhFNhBaneReSYxgvf/54sV2QocAmJmqVyqRhpUYYwMYBYJ/5af2JvD+GJP8EIjZ1XYOsZicP83R+yRI+MhL2RFchQYA9GiR1u0R1rVhlUkq/nhquD9dYSHPGQBjSEBgmQ0Fb3Ae1LzLny3m3+T3P881+FJv4hjl9ezJ6NgF0RcfJrB0Nw5hYkrMn5VT5y/FvkJG58g9E6eOsbG6d0Cr9vMEffBkWraK6VQM65eYrf/IZxF4t7/U5HhGSFm5c2C27Hq5cOtPXKqdWZ3wTKYarYDM3VJz643M694UM5CJSQaQO2jAT6FBi5CKpZZL0BxFaE+VselXYUu3jZNS13denSq+1AnK2W/VoGj3N3g5NAr2iFlpyfdVJ73lHYZxmV24u5njyNz/8FasAiV1k9K8kNgkMeOAuawOL7GOaazF5lU7pbTBUzXkHR2weZ/mVeqPDU2rUaGortziu+/+dBfqoORatI6xR7GrTa/ZpxmB/5kHtiJSuPi7/592IolEOmKpdiSGImkmjNHHRCslYUL34fCqRz8Lots0bO5a0ahOnQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:01:46,034 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:01:46,034 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-34a0cd0a8452e47f5075da529611e32787d35949|http://localhost:8913/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c5a4773598f42150d12f06d1462f7b3e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxNGvlf0t52g8quqBQydTpiOEXpoGkBaBoSZt77qLQ1ZAuaUnzYoN5YCN4oBVpE1R+fCUqyd/Jwi1PC+nDz0T6xFDOjNm9QlHCMNvkmAZVmv9bn9gGwweIypF12CVv7j3+M+sEi0sA|_79a3d77789a726de087c2ed24c143294|
2020-02-28 15:01:56,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15525-mEjWT1vB0zDrfsV6LnqZZ09QoBFlp-HK
2020-02-28 15:01:56,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:01:56,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:01:56,817 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
    IsPassive="false" IssueInstant="2020-02-28T15:01:55.677Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Tc2HX6QS8z18C+ejBEPcwsad9zUfph7eHk/b6XxS3/E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
LWMGzfukTU6+wpAhy8b9JiZpi+gPzKwBMBrf6mJLgk4zUmRdbdpgYEtKHEDeKq9iVj126j8oRnKd
F0pkgOZE4wwCrwSzUY2lIzJUejVyQemOW919dfL3KuHD4kTivfAxTqJ41M4gXJ10HYDo+Xdtb6pb
JLE94MHkE2uWxmuXZ6H4WmoY1br8h5WE/VsHGqxsqQToQsCS4z0wG0dPolrevynfS+CVVXTZkC3H
CHbGjghGyxkMhb9Lx26ohbFjlTszRMDkoaqqrMRvgo8+8G6iQV+ruu6+UTvTFtaKilqOY37JKTVF
maBW6UAvBjoVvl6OdlhTQvSaV08oaoVVTyGieQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:01:56,821 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-02-28 15:01:56,821 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:56,821 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:56,821 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:56,821 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:56,821 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:01:56,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:56,822 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:01:56,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug', issue instant '2020-02-28T15:01:55.677Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
2020-02-28 15:01:56,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:01:56,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:56,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:01:56,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:01:56,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:01:56,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:01:56,824 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:01:56,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:01:56,827 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:56,827 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:01:56,828 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:01:56,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:01:56,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:01:56,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:01:56,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:01:56,828 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:01:56,828 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:01:56,828 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:56,828 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:01:56,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:01:56,831 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:01:56.832Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:01:56,832 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:01:57,165 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:01:57,165 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:01:57,165 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:00,891 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:02:00,891 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:02:00,891 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1073676028::identifier=rick, context=org.apache.velocity.VelocityContext@3aa6c1b9]
2020-02-28 15:02:00,892 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1073676028::identifier=rick, context=org.apache.velocity.VelocityContext@3aa6c1b9]
2020-02-28 15:02:00,893 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:02:00,893 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:02:00,893 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session b48c6fac5ad57278589b255fedca51986cdad258e8500a680a0de114659dfc27 for principal rick
2020-02-28 15:02:00,894 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session b48c6fac5ad57278589b255fedca51986cdad258e8500a680a0de114659dfc27
2020-02-28 15:02:00,895 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:02:00,896 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:02:00,897 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:00,898 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:02:00,898 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d500e5c'
2020-02-28 15:02:00,898 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:00,899 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:02:00,900 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:01,078 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:02:01,707 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:02:01,707 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:02:01,708 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150201Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438121708}'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6d500e5c'
2020-02-28 15:02:01,708 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:01,708 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:02:01,709 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:02:01,710 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:02:01,710 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0659972177e0614203a099637ca248f4
2020-02-28 15:02:01,710 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0659972177e0614203a099637ca248f4 to Response _e6564f631597e98e768538df984fe020
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0659972177e0614203a099637ca248f4
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:02:01,711 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:02:01,713 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:02:01,713 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:02:01,713 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxxOA/lHhkKZBncVvG9UsJkZHocI2XNGh3fDdstoIgwjDoPY9s0DjwZ9u5xxlQw8jNm3Lm5djUt40dkk5GHuoIVvUXZZX49eux7GkCxwC+GNGsSSzqGqiDPLRUlJCA41P07t+IGOpqiqsJzxTNLVIYGld5JyUJ8xw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:01,713 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0659972177e0614203a099637ca248f4
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0659972177e0614203a099637ca248f4 did not already contain Conditions, one was added
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:07:01.708Z, to Assertion _0659972177e0614203a099637ca248f4
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0659972177e0614203a099637ca248f4 already contained Conditions, nothing was done
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0659972177e0614203a099637ca248f4 already contained Conditions, nothing was done
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:02:01,714 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0659972177e0614203a099637ca248f4
2020-02-28 15:02:01,715 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session b48c6fac5ad57278589b255fedca51986cdad258e8500a680a0de114659dfc27
2020-02-28 15:02:01,715 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session b48c6fac5ad57278589b255fedca51986cdad258e8500a680a0de114659dfc27
2020-02-28 15:02:01,715 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:02:01,715 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxxOA/lHhkKZBncVvG9UsJkZHocI2XNGh3fDdstoIgwjDoPY9s0DjwZ9u5xxlQw8jNm3Lm5djUt40dkk5GHuoIVvUXZZX49eux7GkCxwC+GNGsSSzqGqiDPLRUlJCA41P07t+IGOpqiqsJzxTNLVIYGld5JyUJ8xw=
2020-02-28 15:02:01,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:02:01,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:02:01,716 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0659972177e0614203a099637ca248f4"
2020-02-28 15:02:01,716 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0659972177e0614203a099637ca248f4 and Element was [saml2:Assertion: null]
2020-02-28 15:02:01,716 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0659972177e0614203a099637ca248f4"
2020-02-28 15:02:01,716 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0659972177e0614203a099637ca248f4 and Element was [saml2:Assertion: null]
2020-02-28 15:02:01,719 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_e6564f631597e98e768538df984fe020"
    InResponseTo="_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
    IssueInstant="2020-02-28T15:02:01.708Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0659972177e0614203a099637ca248f4"
        IssueInstant="2020-02-28T15:02:01.708Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_0659972177e0614203a099637ca248f4">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>7J4pToqYulEgFv5U3tOmbzVNCKeBG9A3BagTzzOa5/rgHG0un6qS9zkaFMwOu2SskRGbuqIaVIfIIQFvKlzmPQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hMOm2sLZzIGPF5EAMd0JKb1JyJx5L/6OZENyGNvSaCQdjvQo3QOwKIX72Fy5E7bBrHUMPogBxJjPmRvHzoBomCWsOZzqJMb5JxkV8iPE5fOdhXekqmNDm4d1+lNJoXsFzpYkZTsWR6V6mwKKwGg+zoDpQH/tMivtIzitLcNu+4tL+XrpTSWG8LlsbBYiL4mw1q/dN7Lpil72aYYvuPLkvQyPvMg0IuMQjJuClzR0lzxTA5qdYk9MQ4VpLwRqxlt2tAB0lq243wgqSVbmAVcSNldXaZ6U5OzvSk+5At6tjCybf8xNjG2i5v2XEwT4MYS9se6DWpDSS6kaB0MK91kMTg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxxOA/lHhkKZBncVvG9UsJkZHocI2XNGh3fDdstoIgwjDoPY9s0DjwZ9u5xxlQw8jNm3Lm5djUt40dkk5GHuoIVvUXZZX49eux7GkCxwC+GNGsSSzqGqiDPLRUlJCA41P07t+IGOpqiqsJzxTNLVIYGld5JyUJ8xw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
                    NotOnOrAfter="2020-02-28T15:07:01.714Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:02:01.708Z" NotOnOrAfter="2020-02-28T15:07:01.708Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:02:00.893Z" SessionIndex="_9093a7b1041478e53776f1ac7db3e920">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:02:01,721 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:02:01,721 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:02:01,721 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6564f631597e98e768538df984fe020"
2020-02-28 15:02:01,721 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6564f631597e98e768538df984fe020 and Element was [saml2p:Response: null]
2020-02-28 15:02:01,721 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e6564f631597e98e768538df984fe020"
2020-02-28 15:02:01,721 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e6564f631597e98e768538df984fe020 and Element was [saml2p:Response: null]
2020-02-28 15:02:01,726 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:02:01,726 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:02:01,726 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:02:01,726 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15525-mEjWT1vB0zDrfsV6LnqZZ09QoBFlp-HK', encoded as 'TST-15525-mEjWT1vB0zDrfsV6LnqZZ09QoBFlp-HK'
2020-02-28 15:02:01,731 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_e6564f631597e98e768538df984fe020"
    InResponseTo="_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug"
    IssueInstant="2020-02-28T15:02:01.708Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_e6564f631597e98e768538df984fe020">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>EtIOuBHbaBh9CVjcySMgDZ3q2qNe5wcv2FoNaiWMep2k4rFycbyqwAPnOqnCx3ekvIBzLv3V5qEs//8cPb8cVA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>g2QVMoYpORjjXnvWSlLWBuOGLeHLhDlBTA3e5DQwxmiWvVW4rkELwp4W/Tjt86BCy2k/TGXJdbcrVmhxRM9Z9MlOHHLMbk9RduMt1KkeOTdRntPmXqljb6N+zyBgSnz3tCxE7eph+geqaz5cM7qJBxUsKg/70QHv3mamWDNa4+1Xn7o9T/zEJYGgcXKl50KLNYXlTIfWqfu4NzzpBX2H7v5RqgY60zedOx5GTaI7l2uaVW7wgbmHgPlY26yfW2IgVPMYa+5XEkf6PoHWOMD4QBkNN+u8ykcXsIoZwgZVH3bCspYUtggr9MbFq8WINeiXfV2TBXvte+WxXKRZcCVZMA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_810c2d1adbbcaf9ecce2887ef7e3bc49"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b509ca5ef23902ae168fadad167eb67d"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>cl0/zTu5vJXJ0RlxQrhAiw+OCS/iiRZ7TbYUWYB09NwDtaeijWlCrB9ep7LI5VgI0jKegDvnde4s0beRyQ/vLLeA5f15TbDo81kCoHUZNMAW8fJ00Wd+rJHkeNQHABEZp1M5iaQL8uzioZw3s5YiripJPKgpVZLalNhU/yQRS63pOb5zO/HCk2Xu0iRUp+eFsZfTzpQu6mq849Bj+P3N9PnNpa5kMgToO0AvT286gu1XZj2n2v2zDWyKtxcIYTyh5UzbTm5FZmGh/F2PfMJYawQE4UXCqCOSIeLDNcvPCDeJCYS7f+ytmNw3ZFlQX/d87P75H3V+BglrxS2IrsB5bA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>SZwCpWXJFk7MkQMxHxEF1byIH6J6vtbufyoLr20LqiZU1jAbVcns1lGOenB3sJ/EmjGqL9lBk44Qh7EIKQC05a5xJKc2NgSKnsg8bKIkw9tAvescTQSJFdVp9/oaFC2WmikK45Gt8BgYLCUOfZO59QKe0TUZK+fuF1owwzMxtuo9l805tFDgqpBy0shOCYjMWl8tSkFn7BcOn7DEcdhwGULdtEqiUEAqL/MsyvkPL6Bys7F/xsSaLhbPhMaKGyocJX1s+p3M05jjOXsiAC7Fx4DdXFGJeXX/QWyLMSdhYeudy4De8e3P4hL8Dmiy5VtZUGBCeaeA11creJBR4oVf5NrLBx/Kr118NcQA0IgsJ5MOsWddfKQmml1JkpX2SbC4c+WBdd/5I0cT6cfz+/4QLEcyvgQ2uJtntFEs8rFRELAxsvH2er7ofLbnMW04HZczu4OV/wJIrLS5SpNZnIN3Zwic7hNPIwp4fmCISE/ndKmI1lCKkYtTRl6E5nJd5haNvlBn7vMgsDt2hB2o9W27w8kWF9nIgrjKl3Ff9qYi8/RKraiAxHM2qtAp8/j74fSPTb1KS91IgZtA481yAalTblbEvs8BoE1CHdt5sOltOXSCBri4aLeWSkcSZFEEokt58B5F8ahFzecofQLnu84Osu8c1iWGlIfpcZV4Rxj8rrpjJ9c7WteAyj/WDefXBuacPHBLJQ64D/McT2Ar+dLUjswX8LobE8qdCQ+Bi3qTvAsg7JhQi/L0Ej6T7eZoDhBeFDwDBBjArgF0eaeSviTHs6WyE0cBcqvsj31SF/JDwv6N3Q8wPP0RLrKLib09tSd5ATWsh230HPYKrXj7fteQh4W418ZtpCeob3hOki41Lu7zwZtclAzTZjZJsRqxxGN6WruV4Y86rpbdEogGMjPrvdf/EksMlVtAU5nLpvoUtG8lxWHll5wGRbhqXYZmzCz5IyxoJe+2AXd+XO4CAusPnDrkJBaz+opbpZObGcl8l+Vd7iwodmlwJnFJx57vT2tX2SnR19gGwofEmWD3+DmgQaKJwMC3Gnuj/hEHXd2ZUu5cHEXW+3fJ0rOjnklr0z7oLziOSmMAAGwT+A1dqysM6FKIJfm30xvy6y8lzHh9CKl7cxaWyOWbCL1WMnEueiZ2c+qvWQCuJCq1bA2M0zqiZyCPUXbvuHdykiINkx121R8z9VoHVVAliz09Np4FiVdkCVJZFQJiotJYBSILAW5EC1jcAXYGxnX11OrTa4GxWY+hRbk+1YsNTVuCRr1MRKyX9s1DPKgPzBnYFbYiejO0U4W+LqAL1gQVWgtypLhCMxqZKEui7UUrfyxXPwhcPSmlxYbHhNxHrWBsnhmPgs/kO0mcC0bvCCk24xaW8j9bea6GhXSfms/m5nynnVy+gp2pNEUpRz6c9coFjDeE4BX4cH2M8fvtHPfDT9LhaNy2YfyRX6DRbLT3jNMlxbOI3VOzgONDxicGEuSf5cQubrMQjngzbwnskOv9V2e2rPH9AQYANM6PzFoJHL5o4eVLLYatfpPjzfYPnlQm/JCT5t8YEwG7k/M1QklvURpHcmbkhHeuBcedYdxFEmCNuH9BaVbrx5wiDKXuEuXDufmPS/oY+XsE1Ab/y6yrarho66FA7nTwpsaS7u/Z0UotL5etw+o1z63w0hL8gA4uSnRnE0k1nA0VE5M/lXRZlPNFUimFVhFWx+ScGdfir9CeyO94jhKmoParHb43Cvb98SPhnOI0ENUT6DulA948gF94Vfg/BVp4gTLEGHlZbm6UKSXLiHnjBa1Qr7N76Ma7TZr1kZt0S9QYoewIhZnEDo+cURVTGccXsQ+GrkJFh+Bj5AZUmlMi9WZ8UHZdgfBxlQVas6UhI8Ry1edZZ8TRqAMtKQqmyCx8Kburtiok27VdbeprinG5imRFTKAob9zqbE0aWFy6pNF7Tka/YiJl8yzSa6T4TT3LEbZdqFeQK4PehRnl3k2CCmjHuxA15XekSazTvn1q9CxRoc5Xrgib+khwA+HMf5XnRaaufL6MtFM4QSmDK3G18wOYxZ8006MtTYtKnT2wc21RDzUcy52SxkJ/a6Z1m5VsQwsq5nQt8tilJD3uWWkKNGMAAZvdA0U1eklt2sbjgZ4HFS/Y4mnGjt+bvujyeJac20OXuhZ2jE+VMrS01RAJyPDGR69WvXljhCw02jiQ84YrXoJnvKl4S3zH4xrE9xhYfbx91CG5hfKjq113UXkOSVV4Yi8lKmHKr/3VBj3vCCWfjErBJcSvksHoih9yttPkJiE43yLX7JmIbVx4rNLJ9xqgISp1Sdagr0mq9Z9Bd6RKQ9Z7xwnS5z0IPTySeBml47LroMKCy2g/6c/DTTou0Fk+Hu+S6aTjTbmM2rW+SpwPv/h6AKSl6WJzc3V8LQCKtZMxAgAi25gEP1QIDh/fUlYokaFsdD8+L07CvY1u301Y6U7G0dN41atoVuWFeQ5s3ggzOcGW7hWDO1iRtogZmN7JwY4LeJ0BJ4ZJHOYsYMl5nAG3/b5vg83I2RcvhZMdts15lt/6GgChwMC31bo4YxM9UMOMRPwYU5PFp2soUnnXQeU0zBJRzyEoozcLq34C6cO3Pu81FsrLj+0wEeqQlrAvEf49jI3V7g2Bu6DIAnaZjAra1VDJrfEFlAEMzkxW1Nf+XPn6VJJ2wiB272yqtq72mJJgdDyXWHhNjjbIs7RU/KgoxwSWAyKWRU76Q+yRsXEnMEVUwh6eUiBTHO4zz0jEFdTlC5TZzhzpdB63Iebip6Ge+33+jPH7I/FgTC5u/ICiX0WNrViG0ETrJ1hIheBXgXcbBSH9B4qW1SPVN71l8tyY+DerPFae/qLKiZlekA08Rkj6LMjZsqXBc0CKABsp85JMurJi2RLL1MmDK6bh3ePeUFwDbwcVyhPmDsx0MC+5Pgx3T8958NHFutMKDzCLLVn0Amgw14o31GN9FEWd3GVsxxEEX/nQplNCniRtuEp3MEO/0tvum0NhDr804X+Y39P4/4DugoCUuvcqKwAU0HJGfT2VkIWGIX7DnK2GhULqF5NI+xCPuPaaTes629jeWzJz81ci0/W2oYqss0SF8lVwUAvRBUpQmm42RBlK+mg1osIjgMvE9PKNi90j3oVGd/p7BVp814iPcrhMDPPDxhWFHvDC2WfhXuuFbYJGmszlP5heIoo3ZHmUmCu4atFo8avmgKaqyN1Gq7aXyeBthQLFufkYf3TgDRUPE0e8RZrS0L8gZ6x8JSinzP/jxtNfHUhdvcj+ZEGsLlDS2su3hDJTFP3I/H1EbvjFUq+bMLzceHRpNUM+kBtvEWzl30GJFXMggolCvdXdWVn1sskWcDGETApHnmWIZNDolvvMNcu4m3ifTgBLq5OLJSjuz2fMWVTDySwCAJ+YsrDDmSwOGGO140vmhuSNKQDCQKthN+EQ/Z43G4M6AWbZKb4Stqx2gX4JMRg9v2rjUX2a85+Ozm83MMEjiXMfz+S/+9F6DJHkQ8E4SIh9LWkKfKAvCNNHF5RhbpNFmWzxXALYBSnWcoOTAkoMO3FsJId6HZHts8g3G565Bs4W7MXvHbHx8GZsAUBKuOMTfbEOZ3Et0W687OPQvzja/foVD1PR7QkMJ4NO5KBdBd2jkPD9wgTjYdf1jmHm4/2yF8lNykd8rkeBPLMGEJ2cjc2YQDQB2xT8KYKa2HMf81r/oOtQB0bw3TlLSVUw2tx2SdCECyQO7dDyM9aaSdBCqcMyUmFQ9jo3S76jfR69/PAFA+/c2qthBYeFBL+RtKy26z0Eu4skJhMvs/F7i48U8HUid6J3Z303KRYVPmzYg/hHoa1kc8EBX2EX6fvF3cZnwXB57rJbJDisBgYhEcvuimx9feTusByFMPUSUYFsOUIC7CMD31LD+CyiBruuDO+hZcW6BWQ05sp9HFbNQwxqfQgmZxHphKeGqbHO4RacL+AUBjjXd5Qmnz4FhI6i6hyeFeDBiOm+qH0FT939iBoKEptmXATuZmI115zeUeaOnObP0AFzm8VTRy6qpsOwZVd+5PtpRERnselaQzmhep82huGWZVEhSIwMItk8+uZ9f35W0uaYep/h2dxHT5ZZd13gZF6ngQmtretAhAT0HYhMZf4XaxtjTG+Zq0G0pbwJaO6XbitiZd2YBM8U+R0bsIyCE16yiJILhuZD2O4MBPVhd2A3RXX+RPmPzQHhbeQd9d7xR2NJxJmoWNib1Izw68+6B3t5lMkDYW61NArU2MmMTOUSHMel6jnBARqZVtIYkDtc+phEbNu54r8NkBMIMNY13OB7TQu++wytqcpp2FZDvFhh2EPooIPzfZc441ArYpOSEasGq7g0QfD0AMwgFKK0iYHyptr8b1nx5DHs6apHH8SHXfN1f5yIV95mzPHQcDE3eRp5jcb3IAaeBbTJ9u5SlIlHHyxfyQraNZv8vJBFyuirjFxKcR0qdHeQvt4oPJ4RLaZKBKE5DOb0Yam2II+xTYlytB4XJcoiTsUmyww/Ds7cyoU37CfmdKdI2LqlqCQcSlWsSdXJtsR9DcWhMMBZ2n1q82NQYtc1itcixs2Ey54xWRKs/uFCm/IiDoEIsxsx7b7Hw3RUszwjFTxfFTbY22FrC3xTDP9jEze5aD6jdayWpiEXXL5NnhkTT6gDhz9a73jChJk0+8C+hzqC6CC4wJJfOdNeKcl/HpFDbb4b56YC6/ZJIEPTNEfBiSjHLYxpmZdFBid+MSM1CQVyrN2bmgEfu8vSbOYmJq7iINpNbcdfGjBVF27E86w4VEZVGnXlmMFW/VW9kkm0JlrcexGdPfdsKoCHTjEs2qoInowJkmvq+UB0xC3JDnsH0Fcs0aZvEcLUHWW8aBeZ9E01ZhhaC+lg9yTGGVd0h57iCtG/aBqkMmhgkxOFkhkj+pIz9dpS1uvuYF5UuGFrQ7123/GTocHSsI7ykafX+Gdjp5LWuoV0pkh+ClyHGRg/EDWvh79n+PeY8bROZrbYwP02vc1cSh9KGD2m9LNS7FG2pvkVGek72r3AlhCjcln2X2F7N92L4fQfMkDw7TvaRsk6RASTohfv6LvbZasxInbfJtp1JXRxjA5yVU4S2bBhRfMbLw1pNrRnkFI62PSE7bqLUvzQeWO1DRsnzc567jZUuBbnr+RUrgHg10sBRc5CDnSxojz5DQWzyQUqRwlALO2lyqIwaMh+6KRtSPWgwVMhHqbPrdhV/eb5JCZ+8dxyYQTNNX52LQY9fNpa/4Du1fwPdluw/6XavgP5LqZNhSp2xZPXM7geac5pa91WCHvzAiQa9iBuF6RqQhrM9cnphI3aD5gPUkjg8MNrcXKYXm49QQ0gAExn+dZ6rJwGOI9G9pY3zUstJlr1WUw9CrbMpt3jMKTAt6Rc0EH94t3OwYNJHt0Ee8uzHAc23fqo6YBlMg30Tt+Y5LNyx7+D67irHfLlk7904bwMmJp0W5kewZ1C9CgF8lDedjdnNVy/doN5lLfmgdhLjd0zGVUY9uMZBi3upn/b6wLONTrv8eJsPyduKpI/7BJY+687xsyHFFX2OEyWMDFIPpapxk3HQDNsqMOHQOqOWJaQ+E9aXHnF5c4JB3VhxPO8brnnlFqWpiYk0xi5VVlnwCs8R+Aas7hx6mJOX6fL0LViBMLgcrbt2GUI/h9x+YsxAthA03s8JIdx+DlxYr4PXyjBdYblH2fjx8rfPF01cHklsa3E8Poq7bdR1MGRtaEhkNOnnLTNh+/Owz1FF05Iw5fOyAoAWozUyBKSLOz4m5zzUhthOccVPSW+sLYxLVbEGEB5fRbkRfLaId2LOXK1HGuPVZkSM2w+M+aqs1bas+MVwwGyS1JrI0hFUNI8tgdqpsxPxtug/A2Iq4EfRJU7SAh20OVLgpAheWy8vHyxBJR4i14ke2UIRC+v7Bs9MgMKhjS190EeBw8YJn931EKKhISHy0jpvOZuYIeV12olb7gk2Y1nsQMRq/KN79eJaJuTlTXT2052vBBiy8du+UVumJiEIMQn+eC0Yv+Db4QEEDZ+N6KQFc4ILTVxyywjnuzoQuDLS1rH35BBcuhsjNfjzbSaxOOQ5N/hQ3v1C+l2C7A1sZOPn69qFylzaS/EYSBmP+6r16hwRGK3tswvSiXCs4a+m4awjEy9L4p7AbeZqr7kfQ08NQLFy9v254wjL1XUHLhWzEIrIkbhSvPMGVN036xxyItRFMWvNqy2hKfM6zpDvUv9n4x7LT/Xq27FJNUDt/nskKQhIptjC/3YMZwdFgc44cpSY80qIr4FAuvIrrVlW4iyou/NdhZbjK2V1GMKe/E0VRWPxzg/gQOIXqu2Ut6xTQvH4jpe0By73J5z6xzFg3TgwdqinkXJwLfi3QThe3LEI2YJs3Rv2AZwJmgVF1hM4mPl0aBReRNgPpcykHupia1J4tiM3+/R1ilBB9Q3gD0cAbjP91VNF9w/JwQQ3Ddfl64fmeqCOqup2i6Fcvq7Y0cDtO7gpifKy8SuPkSNXTgdfamk6WdOLNroVVn2MyPhvXAsg5JOnx1hYLtasfzoBtaFejVBt7NOMSKzPXNN1JFx7LCgqoVTHZ5yBvvJq7NKf7Ng+Y3miGrlDEF1o0elxA2GFg1dcT0BrY5mIV0unLzsQiKPOnjoy/pZlBNf8KcLr9oa47P8ji8Gq0X1zdlBiqXAecjtsabUNQG0DJmRzLGoSO0ABA4WE5hLz75W7acS4TppWMpGkV3PyffOVbCFYPMJYtPrb7JQ9C1+jQMTPFpVYOawZ3vBnF5HazpjoMWI+t+YePnecRYCmjYQWEo1cqVQPfABYPVyeO5ag5jmlr3BpHyhNsXhCIxO1UYVF3mQTbfJy05FSQSosyeQkwVr1cycxKYKFznvZ9r6voJf/4wG7PnqrJJC4vUefGW6LxC/scH7G8z0ZSZf9btZj85XnRjEqxzN04jeXdGnViW6EmPY4gLP/2qg401qK2h+Bp3/X9Jcwke9HTmym/LuImVTpdG3St+AbwRIsA3SxNnUKoC0WhxlJFW/NGnFXgaZYkC4dHzfsCskbjjTROooRQcjq5x+Oic32cgD6FXrViHqWFnn0RqN1mbgOhmqSFdInST7Ic7UvxTmalbrAdz+dkSvOcDuQSuthaXgODzDEp7fd4pUJdJqzXLyrd2aw6acze3jX8MEYH/Yi0I0V+Rvo1C5yBE6qyDrUY9QQoDZ9BYhUriBDNZoRynx4218Vo6KLh+4mYZ13cLk+cdm0aGkUtDVrH7HVrPr8Tc9qmOeh/Ftn5h/3+v3v6jLHpadMgiE/uOVdlErPyP+2MpcAjWVpKFKyPjS1sLe4BJY47udnJdZm234ChRdIrYgshSbyqYoRvyeOm1vka2h4a7z3bKeDejzQNqkQXzTTvJ/Vvvu+Tq0tbgXH0Wg5bYtQq+Rrf3hjBgVbOrRpFEmerQh6R7qEjhzyAS8OD8MEWyIIWsBMEXPk1neTC5+K9fG/fGa2uxZWhC6EsyU3uxDu2PiAJiuwLls5LX8m5/52r7w04ni2YLY+y/KYrMmRZrtKx1vju9PKIHIY1US864Ao55OO1+dV+zhrhfqqgxvutCzO69s9cmUHNFVrZ/MAcsHx7oMt5CeSgwgQ0kfEtZD5h05mcNHOhkZCzdO0xxQB92EPiaW+5RDctU4hhDsJYyrcz5PneqjrMkSmaQzKe7MqTgtW0rilKgYTSzldnamEOQigE+Xe13fxh2+jvV6URER1tyKiBEhx4MgobDlU/xaSn0ER/o8VCSpDXMjhmPvR/XODreB7uUYqwbaWp8gAEU1WvBZsfw8GBhJwKwx7swA4qunh9/YJsCuGUTTTW6tQb8n4l0wNxAvDVsskY4F3XMPoi/0FPyCT1vLGpA2iLpbn6kblpQefGn3jorADyEdZyPGIzm11xp+iqbg0ctNZCO2mrRFMehyw+sK1xafUNy2VfNebdR7dI+7NwSRa3Z396O73V+0WDyfrtXjsHRaA10rwz71VkTKwVmVJsbDxbJVZ5ikyJPotRL8n5HG3kBqjLt50EO3NlwbkY8FDAN7hPB49lvQup35v3SYYhgTHVCauQ2s/4PTcPVN1F+XrJFgdxHw9MlW5pkVXPrgudkNcI1yNK7p3mA4rYL/wxNP</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:02:01,731 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:02:01,731 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150201Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_aepsdih5stlsawosmoeh3q5hlxtnct9bdxjdmug|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e6564f631597e98e768538df984fe020|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxxOA/lHhkKZBncVvG9UsJkZHocI2XNGh3fDdstoIgwjDoPY9s0DjwZ9u5xxlQw8jNm3Lm5djUt40dkk5GHuoIVvUXZZX49eux7GkCxwC+GNGsSSzqGqiDPLRUlJCA41P07t+IGOpqiqsJzxTNLVIYGld5JyUJ8xw=|_0659972177e0614203a099637ca248f4|
2020-02-28 15:02:04,386 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-02-28 15:02:04,386 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:02:04,386 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:02:04,387 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_b0aea386d9694b07961f8c2bbc416d5d"
    IssueInstant="2020-02-28T15:02:03.994Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_b0aea386d9694b07961f8c2bbc416d5d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>3Hm7JmXoSvbW+yBn1nIFU04oLLE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ZRvrcU5AUhBU8X8+AXrEtROkC1ZDAS1R6WSpxbtdEws9S3O9ePQyj1m6UXdoKFo0cfjfwBeqHwBoV2Id4tPFC7yKAuGvSInntD8qGvu4y/O6ZBKQ/uCN1/1dHUN9L7lr7XTnoUid2cvzTgqATy0CmGdDlC5HQcNz+Fn4bZv5CZeTqYYaxThnhxccfAUC5Y08e8ag8BlG3pLGeC+4DUcNncxNuOGwEB8XKkj1tyT1KRx2DACglYB9KuSHZ+NF6Tza6fHIxwN0ibJRMuKW0dgHHHmMwI4UeZK6Me6oR9gP59WflT6ipfDUvZpzOuRwQXNr6IF0mxZOLm+WroI8LDvwuQ==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-02-28 15:02:04,388 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio2.my.workfront.com/SAML2' from origin source
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:04,388 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:02:04,388 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio2.my.workfront.com/SAML2
2020-02-28 15:02:04,388 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_b0aea386d9694b07961f8c2bbc416d5d', issue instant '2020-02-28T15:02:03.994Z', entityID 'infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:04,389 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b0aea386d9694b07961f8c2bbc416d5d"
2020-02-28 15:02:04,389 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b0aea386d9694b07961f8c2bbc416d5d and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:04,390 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b0aea386d9694b07961f8c2bbc416d5d"
2020-02-28 15:02:04,390 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b0aea386d9694b07961f8c2bbc416d5d and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:04,390 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_b0aea386d9694b07961f8c2bbc416d5d"
2020-02-28 15:02:04,390 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio2.my.workfront.com/SAML2
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' 
2020-02-28 15:02:04,390 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:04,390 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:04,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:04,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:04,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:04,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio2.my.workfront.com/SAML2
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:04,391 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:04,391 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:04,392 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:04.393Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:04,393 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:04,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:04,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:04,398 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:09,961 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:02:09,961 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:02:09,961 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1462060697::identifier=rick, context=org.apache.velocity.VelocityContext@3b120a92]
2020-02-28 15:02:09,976 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1462060697::identifier=rick, context=org.apache.velocity.VelocityContext@3b120a92]
2020-02-28 15:02:09,978 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:02:09,978 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:02:09,978 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:02:09,978 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 5816837373b73a3d09ef039afd1a33f155c47ee8f73e006318a3704d72d31585 for principal rick
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 5816837373b73a3d09ef039afd1a33f155c47ee8f73e006318a3704d72d31585
2020-02-28 15:02:09,979 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:02:09,980 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73763ff2'
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:09,981 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:09,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:09,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:09,982 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:09,982 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:02:09,982 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:09,986 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:02:10,042 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150210Z|infraio2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438130042}'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio2.my.workfront.com/SAML2'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio2.my.workfront.com/SAML2]' as '["rick:infraio2.my.workfront.com/SAML2"]'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73763ff2'
2020-02-28 15:02:10,042 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:10,043 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:02:10,043 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:02:10,044 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:02:10,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2e460393b182a8372922b2089efefde4
2020-02-28 15:02:10,044 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2e460393b182a8372922b2089efefde4 to Response _5249aca4a37e2011aa962d96b0e494f2
2020-02-28 15:02:10,044 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2e460393b182a8372922b2089efefde4
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:02:10,045 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-02-28 15:02:10,046 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:02:10,046 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:02:10,046 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx4t19ka9Gh/HzTCG5ACZmECMDrHG32F4cxEMkGBVPTCuswzALipgbHV7it7JqYwHC4aEh7nZN2YyZV3Wj/Jjf324nbn8ZraNebwxqvxFfmU797Sb98Q2odG6569Z2bmNeQR4= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _b0aea386d9694b07961f8c2bbc416d5d
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:02:10,046 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2e460393b182a8372922b2089efefde4
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2e460393b182a8372922b2089efefde4 did not already contain Conditions, one was added
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:07:10.043Z, to Assertion _2e460393b182a8372922b2089efefde4
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2e460393b182a8372922b2089efefde4 already contained Conditions, nothing was done
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2e460393b182a8372922b2089efefde4 already contained Conditions, nothing was done
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-02-28 15:02:10,047 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2e460393b182a8372922b2089efefde4
2020-02-28 15:02:10,048 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio2.my.workfront.com/SAML2 to existing session 5816837373b73a3d09ef039afd1a33f155c47ee8f73e006318a3704d72d31585
2020-02-28 15:02:10,049 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio2.my.workfront.com/SAML2 in session 5816837373b73a3d09ef039afd1a33f155c47ee8f73e006318a3704d72d31585
2020-02-28 15:02:10,049 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:02:10,049 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio2.my.workfront.com/SAML2 and key AAdzZWNyZXQx4t19ka9Gh/HzTCG5ACZmECMDrHG32F4cxEMkGBVPTCuswzALipgbHV7it7JqYwHC4aEh7nZN2YyZV3Wj/Jjf324nbn8ZraNebwxqvxFfmU797Sb98Q2odG6569Z2bmNeQR4=
2020-02-28 15:02:10,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:02:10,049 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:02:10,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e460393b182a8372922b2089efefde4"
2020-02-28 15:02:10,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e460393b182a8372922b2089efefde4 and Element was [saml2:Assertion: null]
2020-02-28 15:02:10,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2e460393b182a8372922b2089efefde4"
2020-02-28 15:02:10,050 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2e460393b182a8372922b2089efefde4 and Element was [saml2:Assertion: null]
2020-02-28 15:02:10,052 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5249aca4a37e2011aa962d96b0e494f2"
    InResponseTo="_b0aea386d9694b07961f8c2bbc416d5d"
    IssueInstant="2020-02-28T15:02:10.043Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2e460393b182a8372922b2089efefde4"
        IssueInstant="2020-02-28T15:02:10.043Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2e460393b182a8372922b2089efefde4">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>1dMQW879Yy42XLl3REj/NPwVeNflXZIHqh1s6FvpQ5E=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>E6W2KC1bGanvxKOL+fpRMEEntAvTT8yI3EQtlP44sAE4hhRYAWYTgcqidqJLAeOhcWfjbLW6mDUsrF0Pe1u8FCV0U71knLBRB8DDvoZQFe3AtdR1djWm4jYOYkTLN6hxGvQJvoOa2xcjmA04Sip+FohAy8Rtgs9aM/qKzvLU9XErZpDj7MRpUKWpS7xbourWydtx11s3MaxX/q1nQIvqmho1eUZxlYMPtK+i/nPneJwgorKzpp6+CBecvveT2EgbBN/4mp0priGwHvRsvYuUVIbQNyBqxlAiNVahlmkCP8vFTOGbsG/pffms+gKbkHBx7o7GhTWB9IQBGkAgFDkkvQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx4t19ka9Gh/HzTCG5ACZmECMDrHG32F4cxEMkGBVPTCuswzALipgbHV7it7JqYwHC4aEh7nZN2YyZV3Wj/Jjf324nbn8ZraNebwxqvxFfmU797Sb98Q2odG6569Z2bmNeQR4=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_b0aea386d9694b07961f8c2bbc416d5d"
                    NotOnOrAfter="2020-02-28T15:07:10.046Z" Recipient="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:02:10.043Z" NotOnOrAfter="2020-02-28T15:07:10.043Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:02:09.978Z" SessionIndex="_b8edf6a306873929f27f8c5955a9250e">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:02:10,054 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:10,054 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:10,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5249aca4a37e2011aa962d96b0e494f2"
2020-02-28 15:02:10,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5249aca4a37e2011aa962d96b0e494f2 and Element was [saml2p:Response: null]
2020-02-28 15:02:10,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5249aca4a37e2011aa962d96b0e494f2"
2020-02-28 15:02:10,054 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5249aca4a37e2011aa962d96b0e494f2 and Element was [saml2p:Response: null]
2020-02-28 15:02:10,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:02:10,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-02-28 15:02:10,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:02:10,056 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-02-28 15:02:10,058 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_5249aca4a37e2011aa962d96b0e494f2"
    InResponseTo="_b0aea386d9694b07961f8c2bbc416d5d"
    IssueInstant="2020-02-28T15:02:10.043Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5249aca4a37e2011aa962d96b0e494f2">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Q0Fz9J/Ma8n70Jj/iweZLLlgV4oGHWP4RwZ7mV51Y2Y=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ihRUFGsnAcwTtynu6bEo81cGrhdm3mr1VQbJa/e+r3tw/IDY6MdFTV7bpl8yF8NQTqH0a/G0SsFfsipUJA47akGt9W0GnqKEDbQ8OkblhoboQrXIbCN+M+zbtzBP6spEZRl1t2/koP2tn3McYlLMSrGpdeyV5Br37IwLrv0P4fEFjXAZRIgJKGty0T+3ESCrK+4t/yR30cD7JS853h9zYupRVE64uCVeian1nNNVdv8gkf/+ZiwWe87udnX8sTXIGV1jDKvH4sTpBIXEt/2z+pdZ2TDQg1QnHTz/e03wEV5tuxZsCkEfv6sqvmyWukZroX+MERd55n+krh+9QTZRxw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_5f0f116b09ed6de9fec42e9d24fcb6b8"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2c11878050fc37559486d6ac19bc45f5"
                    Recipient="infraio2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NX69mLg1RdgnSJ8LEUe5xfQfvYpr4SBhX7RJucwJa4To8yEU2OPhq/vW3TMr5i+D2YJRBZOwz9HmVBZriTdBI1QFfRnTx18hKtsG/yaCTx0l1ygeVvZGt3vZn0E7CxXBcE2OkwdQzjbncdmCYfb+i2e2HudrO9SQkZ2ZlgEeaTQuMSz23uI2fdcfMEfdsKec2gwNPlRJDNWD6pl9nes5gtBzqxvTEXfNtNNZ0lFLFZh9RaR0ZIOTEGUYPewdayrmiIqZRfHskDNkGUZ06x6zZWEKXptpcxrkgYvS4mKoWi1jej4p0J7cYMULl0YEqJSdBV8cORpMs6YsuOY6YQnpcA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>5pMG5G4KLx0hrsK9BsjV48SLRtOLzuci8oA3THTIDsIbaaTRhwgsvThlnzp+ZSiuihB5hicbwEtyn0HFhymm6aE9bvtnmVx3+Y21/Rv5m4Q6hKyd5BwHig0KgZ9DeSdtIb2Jbk+ODJansSL4vYkRQhzD6HdumzWGhtD7MViH9kBEPk05FunyJRyk2iDsirq1uF0IRy3HumfQ/ca8iGYnGNxXX2IDMYepkU0xIcOxA/ebgbGJpDV5eL08qFcO2lJeCEeHKpOf5vZce0Sko6QCBaqNjXB5a03w/J5JLH3JqQ0U1+89BjsgANfa69Jctv7+lC420vSIRjNX5Njqi3RbzSgOgmTmY51HqGEorxImv/gtG1y7YqG12tw5yAhsRBrcJc+n9Zk3sQSv/dn+Nu7rKFIYFJIIIvgFzV5TzgrFdo3630WvYolrQVNC7X6lCtBhsDQ6dsSK3MCmLIQLCysydw/9EayNROII5M00JxC876JOvlnRcYdtKtJjUyYY2GfeUVGclANu4Phs6iUKFGbzHhBZVBAdrbtKtF+WVFlTkalvKWermyuhCiiU8RZ5zsec8jap0B6IieT9s7aA1SjOAhbH9QDKDxX16WpUmerqdgnDSI1n3o4uMZkFNT4e6e18XDqTLD5jrYbeKNpxfErYy4bQimoIsO7EYOIVlxR1dD3GOKt3Hg8y4YKpdMN6vIndnfz0tSpUzEiqjk+s5wDVTC1dTlOFsw6fkago8Surp67SFf0Z5f4sj4TSCUWwb5niRzrzIROh6ivw7wnTWRVUocDg+9EDXjVhscCP7VBaJLa+ckF24RhBS9cu0BuTpT9J5Zx8N8t3uVkorgRHK36E79zSwzMt1GVc8bgM2GbKKwewEZWuC1VcfPpAElLHn9nFvGIgOSvReuIQ6E5e1LDrq4Z6gvE9GpZPFbDp57OS6xax193oPYV0UOhlFAMOgWVvy6wvVis+IRJecC+n6CwnC4tsxCb5Ptl7JiB5UMbzrl4gFsY56hovK2P3wNPnlErPw3ewj69dLB83lRrXLkMKSp0jA26ROpEP1BblMLMCzLJvikT/suqcY0Tp+ivSIfUnEpGl9jsORS5+zrDRYy40yP+UOknawGduViTj6kwS2WeC9giw6OYBXQi2vCVkqTdH6Vdt2Ao4hjGiyw02TuMd2+MkuPlf66cCtbaP/8LgG1onWiEJwCn1er0s+fSddUOmc6atFnyfQoiijfvL8QuyOQEKyJgQomAqf93dCsZjjmsaUxVm13Ic00I+7Nro0beFMhValdyT986/DquI3CjSa749N47INSDMYZQ+ayAuYPKqc4UNHhS49d1xokJ8Jn/onAsN2mt96oz04eecwTUbwhG1cn+OHFGh6PmTq5rdwI+zdmW+mnXjZvDct+FII+QOBA/gvpOwU4x7a+HJWB4aUQpqT1ARKNTQ+W8KrUfWb6Gkq0WYYyPCL4v5BUMBR35zj8AYv2dwAYt+GQwDgeqY8g68FAnn7SsJIJKiOOKBAZSwQVsyxjB/e8dcLGb9GiL1WAjs4LmZdaE1BjVYpy3vjX5R2Ty9nWTmvZCiVJ+xSwU9gZcc/26e4USci5HVLlgzMFiCdeuw8enVBogTQ5QLfxDWTHWcpc3DpYedPfpia+GkZ3gGnUyVEGEXRVniYwrezyjbK00PNJQMpGkiF9gqyojFUZyR2FL5PgemD4hruFM8NWn1SMRZBwP4okVT0wQRzJhd8FqToGUO1rjIoxekqAtei7GSEO41KLZDIhcT1q1jxKdboTG3uArqfI5r1ksrfc38gi4fzyrKCxF5xzthdw5fqteV8JirOCxndpqsUYmkFeuPT7UlGGDSAR1DnzxjF9vs2WhNEOaV/G5hnEZgTlm7xZXyjVgCcY/EmAH3ymTux/sjp2PP/HHczRCcYRsAhqJEQoTYDfC2VC/bVWL90MW/EPRh4/QuoIcpuGq+9EpJ5GavDqF+Ak9lPvTAcogtv1nH2n8ZodhAsm1j9VKAEh/RC8pJvRiUj2T2pIPI8206Ys0hk1YmVmtPdUgyCxQmColnRz8P52w+bDUfsJgxHOrDjyAGwdfhXbYbzt3VUMsOE09YyDl7V77NdzxfN0mxQQUq5sKTqCDfxcQXrHbD3P2Cf4YmSnpieKHIS3J667Q4GmkHySn1eNkz7gbgQ6uX1iqTYV/ZEW9k2vDxJZTG3h6pDPeaUNlNdzkzYdo8xSYVNaD3etvb+A6HWkHScL8tQpySUuBwB8NZboJCgdkrU593CwtZmffEG6U1LWGl0aw3Mv3W2ltIrMBt9zisHMLVnd2cox4NUgTZiDxZnqXjf0Jx75P48LsN3FKQB+Sj5va2daJB0JVE5paFMox46cd2XYEyODSxMXT1Qu/DmcMieHoNPlDrIU8REVAeHdCn9lTHz/Z5QVFIqmEb8WfWTuizEWcCMJkDzwZd6A0BowSHFe7LVDW/+fJx6pAJlkCfv3dC6KwZnNTf16NrrNqYoxy0y3EK4z2LPAMUb/hZROrQasO89roZ3yn9IVOgWrFQEP45kisdldDO/gHb2F84D8IDYrGwT5iOMgjM9hhVfuZK9TRn6EY8IqFPbSyuIIDK8UAzaJ1buD0AQABN5kkKx5sttAWtSpdvurNeDJqKlmdPUYt7At3Ri4AGJj7UbpU7qEf+EgpkrnExz/LYe8zyXUtcjlUJHGSxaqPj33XBKjsN+XaBZeh4LxD3WIThTYHp9G7DDQrQs3QXL+YUS8OW1Zv9BNGW130OvORNCeWqNBDZsKVL0vzRNQjltRfd/Aub4kzBUnSZGO2sgXtwpiORM/P5sm5/RM9w8Ck4Kf7Fi8AFU7NAt6AZpIvwUUAsHH6BRrLSipWFjNT+EIzl05HCNlR/oGfXk+Ci4yPY3nTNvduHvV/SSU9R1qEo8JrV77FwnJfiMUJyC/Gi4N/HKWsaShz2/dMiT+oviCfXcdc2uyqj5EY24Ob3RiNgZLIoqrxjAVLYi+1EcP5hTSxGqC0V63SjUjU8EXdTi5b99dhaKSkKA/WdrLgf8QFX2FDmc3V006sbMgOf30ubj1pj44EKu2BYwiuzLQ1lRDHACvSyjbZfzZe1IaPtipSMAoP8Qt98rc1KioT7Ss1YrfUV3XWbW0KgquaAbkEVlaAGdxIQ2SYvrSeeCGWa+6JLvVpJn162nXlh1dgw3TUpYlNHgtoyBudT94u5F4HmxS76rzF50AfWYcqfdpAwrRVNHsPc4QEyun3sd5M5dddbR+4UES9xvjacEHiZqHFHsaEfYf3jQJOzxowgdwGqvNw3h/pTOo/g11/TZGgUGqymrDW0TbWyZgA1ISQegGE/kvpFfVKULCEHRCPNwJngvQF32HQtKTuTlHVPfVzu7tqf2nACmzDs1ZDx9BewEzI0y3QEB6HisUVXViSZTsco+YjiUCFJ2xtRYHF7WJentr/uLc3WLEKDgPuWgLMoOnhg7KhrtSjiXZjeC6LzWU/LBpsNP72eAKHqqWb25f9WNYs+883pdqodnoAPtCw8QWhNRx5puiLeQeL2sBspTZeBjRTQ0w6vveyGRewoUI1KjcWYmrBTTZm+nsxbpZkI+jwsROZJe5YLe42KGwSNbSUQHelzB6533k/3jUdWEXcamvv1VrxIylHOgLMoMoTxpc4aFxf6V58qy8fCq2MIVTbuQke+Nrap5JVPHetQtziUCG6NNDi22YoE07egQFgwKfnCjQxutCRXioGloghVFWooFMTmHq1ZEOejtehFdYwVwD6/OP6vW+Wz5UmWLrQPZCZ/BTfdkBnS7hMOybUCJdW/rvnKUcL/wnxEjKlFGQaYGnVqAeT80h64m7S131uKg2hm1MDTKvI9a0NSZN5qIMmxuJT8VHu07JQG8XkHsPAdQn7g8RD/G3GZHr4e8cXupzNyYKAM2QN/N+bInYLxxfjJrsxh+8FXIR2GLTfy2mgSTQmK7VxxHKiD1PXX6njV/B8dc+fgd/ZfQ8WDl1NYOAe5iW7+Aq2U2ZZ4CJTCQi8OcvhY7WIULUm5KoCJ45mCWpeE+z8ynj7UVDunB0BZ+xnDkSz0tRFaXLIX3pIqeTcM4KVMDYDX5LjmnR5v9bAMNUw9sH2Ou2mgi98BzfOGuAl1QcrhIWPhOa2/s4rtswodWcXMAFr/vR6dd15LkhmJFDbkn0HKoKRjJENPu66vicF6HMSeuIONjmy/CQP2J1oKShnazMBPfAQv/DqvGOUM3adw8ySeT6sLjVwTtoCHPRv+HW0fzlLYgkI3J3KP1k4m9Lk5cDOciWPlQX68WF3T3HMFkISgpjqIswYgDbsT/szGges2OJ3u4hxgZe++KkRUD/HmLbYlySYdc2wR15FnD86Hk+dn7mNrXFuSkgrj1OvUuGcdOTViliOi8CmBOwOrEUTE+LFi8S11MOKwLKDM21VK5Jxeh6KnS9Aqy4d7nyFTsJHE0teUlu8/1M+wmX6v9glpOyWZ0B8YoOKdtwRt3vSxxH9IfQ2QbUR1/6UWA6i8gxNT3W/K7SdkoaTxwf4zz2H3aBsXuvUS39Dd5tWfHNsirMGnwGY78Ez1l/m8BgFqFzg7RCqX6Am1glnMDTNrM8h6tzKR/tNJpmX7Or23cvJWteJXJk9KGYjxyo77LFXd29fifQBkFEcduqOfLzhTn1aYGtGQsNTRrg+3DyW+Kv5U668drWQ3Tk02skZLq7BwcCcMKkHfvHdROL3YXOUgIiEN33dCg3Gu93h+Yn/L1T7U+xm+9INwVsEEbJrJvZoVcfGnRq5vRY89N9kQ+8kRsvHGXiX/NI/oaWsM5Zp/VKJTI1hBUBxKsNOY5wLJYjtsDOxGG2S3ZNldM2nX0B3mbWpkDiJD9xu8NfpvpmallQRiYySmEwi3TzfV+OUSGFljAxB7jMpcg0nnIyKpvfdOlXDP1FRfE8m4zHa+IVQRVJT0RMJPyodvhKmxQwpTFqlRY2JN6gQREEqYtIpUEP5mAfim4A6rIEnuTMBWYMvT684U6aP4llYaSY6eq0hElbkhvEUFriePZYVtS2HTgtaRvweAw4YUq7MIYsYfuNg4f270zMfCasDAPF23TDVrW14EtB7qZHIZBmxUxF/x8Do45gd9C03A5ar6pw6DauCYmwUWYJC4a66+YPJoMAfnc6S4RQn/uA12kXkBB+gmVJaKUbZ1+28bW0ND4Z18/FZWMDGKFRZhBTCJEO6nRD/ZlS3YIEScczoZ0DIi5pwtKPR1ZIjSPhwY7qlO8W+OMzLOeZDwtTaY5IV8E1APMm0QH9zORp6CZ+xgg1/L3zjA9HRdyIY3gAnXpM6Q4SCzcLYVbvvMqwWyLc4CezSbvI8pZfAmir+4UEuOQ6UT0W3G40snHO+jrm4Acd3utBZibad7UXDzPsGdc2QMnkBVDRkGP4VX4W1lC4SXbRwtNvIe761shBc8MT/mHe3u9gIcNciEVaekfH2m9nbk2Z/5XSDbB54qwMtfVWPsp9H3nBCSc/iWEo9XskVgP9he8Xx5BmUr5k11cXd4DknU1jQaSHwQUP08m2iJcnmVac2SUbKmZmCTlMYdyJI8Ule2+Ny1WuKDWh0tmES3K9/J0RtYZrCAunrQeXsmaw21BGseD0W9IRDJA3BTb9tz5ajy015OYAXb2J4wVV7wJ/0pUlxGAPAGhaGV+U8JEoWBM1WyDaoMZ10rktL6RxKdYJu7k+wi5SoARuixmrQWk0IZ2O6p9T8Xf9l0yZF3MaQE30qQdEqTpevkwRcmkLW//ksEdmnxTCYL62yz6cqLemaeUsRj/suNi24wkQf6zvmCBNOauj4hLxTA3JSm6FpkguSHr+2tSF+w1gGjJYj1qR9Wj2Qfk5YSlueCSqg3Yt8nNwG9SmHVcharQ86R2fzd4JsiFzmtEt5EHWr9wYfMDsw4iU19alCgt9OREFNs1bplKo2dPwrzkeCNVC/KIo7f7Iawx2ks3ohfRc3WFL9yd+T9UOuW74qsUYnAl0ahLuWW3JbuqIJdqkUuUheobiwliUSi5I1SVb57JCy8fGVK1MA8ROLJNrvnLHEit3BvtU+zF07t3Y/dSZ+ES2QEchPf4wLzbr9wM0sXj9M65ekSv5bgIVqA9gyLFsBZZ7d7hw0SfC/Gl5xqm4Q5H1OwtMZs9Cc7q/atCO4MeFQ3O5y32tSxJhAQFU4PGgeadmGumXBMONslWFzDRh8TdXbKwGh/oIUuZ4noNGErN3RHWzXoD26V4lsAcNODwrNqtgkRczEcsl9KplD+HTfFP2mMh09iX43BMEkWZRpJ5t33aLMKdDzwWjgQtZYqgspuUvnHDvkRzAzRQeHqf6maQinqnlMkKqxISq2PNrvSD32h9+FtGC5Z8xKIcgMjgM0P8sFpaopdxmq1OkflS015pzOU7f7rSL6UDRb9X/TTAyD6m+Wtk22bd7Rzp70LjWb2wyEiRpzd+shcirBZCzIfKCM9qF7BzEOacIV4YoPXUB4ATosAEnE3UCeiKHvGjX1cY8trHPxwqjtuZ0RmjJZKsAELc1Zg+/vGwKRUHwvrbsJoa/XtFQeYGCA9Y2HtMUUnDPjvo7PMzanihfm2wYRYmPLP9x/b7M6qWa2wiQmHCvY0oN5gcwS6eHcED5Bu3jPvLOd/lXLtv8uoztvCZdeK77lcGi1O9uEr1AnnSzcm8UKIU4LvDE6A4z3rIyE4B7gUzyH/q/0sNoW6Fju/gOmLGY20OwbQqG+2OiQe7iiYMxfpZZuYhAwpXz9Qw7FOcYK1cq+VEds7eTQhJXdS22zUsxJqRjZUglYtDcKuG8IJkg1hTu1yW6XFOjXrSfvQNBVTH+bLKowR9DONKyFooost4b08uBQdURlF/DUJcO/oLZdw8xYvlMr4SVK92SghsyLDtapVxCcG3+pyJsPKSIaKnsSRUotV925zmYhHmfNtfr7DpIhoI66e4kxgTlpE8LWscwkz4CIqz+dxJLAuODAu8XIu6w+I1qlFBCkM9qmqBFglx1LNWFx8GwMHLA+Z+3ZIL3/5BjpJZ3JdtEop5WVPBsJ5nBjCNmZB0o8jJXd0DyDKZbBRhKE2ABR4nxYDqulAlKFb7xF+7LOxUHmhMKTcIcsyDiAX7uj8qdRwNnfXdEx4dpnAaeeshF259AkaoOVgqb2ZNx3NfhMxtRV+ALj59PSyNGCOvXZjOf/6WaT6i7QqfgfXZ9zfFIN38KJaH4zDzlZobVA/iVp0C4kz0Qsfqazt5xdCMtWrkhfWS5OpFPjvMondZLqEKS/fGhwxol+rHJrl9gUvEwuTCDmHCWhu8NF1qW5IJS+/C05TazPZhl8s1vD/DuOK4Xy85hbh/8x2JFUpjIfE62UycHqYhhYd8y2QnexbKIK+T8yL5CGSl8XQYYvt8/1whJiiygnvHfVOJt8SiYBMix76VgiGp+f4Meg/g6AzQt7o5QXEJ0B+ChqX5iH7ETDqXA7cueFFM9xjE2yOVyvhh3JQr3JPHkLMEhIcrCqNUvCP9s4tgZ9OTn0vABk9dA3PsdtfjJo4AuhRLAOswOGqthk4wj1p0IxP3ROylpbeyN5TqsrbHv8PeRvxm5qc8ehGTw/zUdozwkCuZ6CbmWauvhHpEZ1XsTDTHaCoKSDAzlf8JCS9sHuRO5jqOonvkLSRn+TTXvudsP4cjPOnQnT6y3SD1degUgDeeH9uszvI4eQnO8HqK2bjuP0VFZ3T8+z5V22WAoYEsQshObZS/c2oyPYQpKUeb1x/7yCrqQySU181aDGUZuXYJfl3iz5HnWBx0jQhTWN9bGlXatJdcoGuqEThY2Ch3vuFtjoR/LHag6C9JQulbCsZkiZJS2caESlOl15MJRtQPYSPpTQl8UcJ3POOPeeUbD26qjSSO2UqGJbAMeJeFsAKmORl65tFbOO4veG3ztiX2rFppP0qKWxPuRP0t5Xm0OgQ7DQD2ll9I715TndPXa4jHBpym70IWqoDYaV7vQ==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:02:10,058 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:02:10,058 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150210Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b0aea386d9694b07961f8c2bbc416d5d|infraio2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5249aca4a37e2011aa962d96b0e494f2|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx4t19ka9Gh/HzTCG5ACZmECMDrHG32F4cxEMkGBVPTCuswzALipgbHV7it7JqYwHC4aEh7nZN2YyZV3Wj/Jjf324nbn8ZraNebwxqvxFfmU797Sb98Q2odG6569Z2bmNeQR4=|_2e460393b182a8372922b2089efefde4|
2020-02-28 15:02:11,826 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-02-28 15:02:11,826 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:02:11,826 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:02:11,826 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_31488e85e89a4ca5a1828c2f4b9425bd"
    IssueInstant="2020-02-28T15:02:11.496Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c3.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_31488e85e89a4ca5a1828c2f4b9425bd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>qsDTr9iJhSNSIzXrZ+/ouACXuLE=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QKtHUoZZfy77rcGc0NLdDhE2twfYwr2FU2ANIFIW7Pkrv7w0XvsLvMn/4AUs2/OXlndH3ig66fAXb21ewkuWG7Tm1JYZYvMrar/p+ySIs7FCy0WOivyJqcZFe+kS6EVv3+Ys77et9OfE5dxE0ZhtN8FTYx+nFxkER4gfPJt6fQI4uOeYVRSbRO0EJicisU17RRRu9FcAIeQHYC/nbAxfmjF3IS0zW06DH8vbpBWQbpVLN1ZtOHMeTX/RvT6ajnE3Olko/KRFyQ5JH+1cpqZds0rstfLF/ASSSaigxPKk/QVC53MYZ4j2E5CSZCvqDcsCM5OqYzY8BjQu/b7LYdsuQw==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-02-28 15:02:11,827 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c3.my.workfront.com/SAML2' from origin source
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:11,827 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:02:11,827 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c3.my.workfront.com/SAML2
2020-02-28 15:02:11,828 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_31488e85e89a4ca5a1828c2f4b9425bd', issue instant '2020-02-28T15:02:11.496Z', entityID 'infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:02:11,828 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c3.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c3.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_31488e85e89a4ca5a1828c2f4b9425bd"
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _31488e85e89a4ca5a1828c2f4b9425bd and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_31488e85e89a4ca5a1828c2f4b9425bd"
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _31488e85e89a4ca5a1828c2f4b9425bd and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_31488e85e89a4ca5a1828c2f4b9425bd"
2020-02-28 15:02:11,829 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c3.my.workfront.com/SAML2
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:11,829 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:11,830 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:11,830 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c3.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' 
2020-02-28 15:02:11,830 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:11,830 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:11,830 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:11,831 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:11,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:11,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:11,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:11,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:11,831 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c3.my.workfront.com/SAML2
2020-02-28 15:02:11,831 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:11,831 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:11,831 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:11,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:11,832 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:11,832 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:11.832Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:11,832 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:11,833 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:11,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:11,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:11,839 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:13,489 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: /home
2020-02-28 15:02:13,489 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:02:13,490 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:02:13,490 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ID="_383c62e9876047a9ba70f08d63695926"
    IssueInstant="2020-02-28T15:02:13.144Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">infraio1c2.my.workfront.com/SAML2</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#_383c62e9876047a9ba70f08d63695926">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>Gmk5vD6VMYrjr/YcUtgMs9J4SvM=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>STeoV+6mTqH/74A0Si0EjM3RHA+GmNvO4ZgoM3WqfyYu9lNGCr5X9XcVhl0tMt5mIaX2bvoP4ZGyj3ffPkLnUl7c3loHJ2mflV13H7KQliUdx7IZkoRxysnSTqkomCJbDcZZcee8GocM63H9RgIIgKxtE5acArm/HobsDBfN8fYgaH8dtVLBTVM1fgX5Ubr1/44I359zdEZtAYLnt3k7h7QRd1gKiaThK0RfmQZsVRBj1+DUpWDlRLy069jHJIFDveTLnpHMpjX/imgy9h92PwIjMQ/EBmEyAT2bohrugq3V7u7vpCQsNjfKq3iRHF2eYNEsJ+gAsumliLCRA13l0Q==</ds:SignatureValue>
    </ds:Signature>
    <saml2p:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>
</saml2p:AuthnRequest>

2020-02-28 15:02:13,491 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'infraio1c2.my.workfront.com/SAML2' from origin source
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:13,491 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:02:13,491 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer infraio1c2.my.workfront.com/SAML2
2020-02-28 15:02:13,491 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_383c62e9876047a9ba70f08d63695926', issue instant '2020-02-28T15:02:13.144Z', entityID 'infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: infraio1c2.my.workfront.com/SAML2, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'infraio1c2.my.workfront.com/SAML2' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:13,492 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:13,492 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-02-28 15:02:13,492 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-02-28 15:02:13,492 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:02:13,492 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 24244091063110477728505298488008987345604123586705169572235658400680546655043040439823001060441963627450471473651120147774627587726423146773932529197059203397706285539476644823200340379621954691986746966330068236044743193465403434236516694830003831354378903116612503228305502732679915910511804358632566348451193095262533513906787952453831183320450608317460564407976415593874525658889981487289397754141211082349144956687429434059911371073233601299453621611490966787380072028863766860304782704765787708620468025410422200225052441526668831423173565490638858572679280981009182642270738134708009502373602822008324582885059
  public exponent: 65537
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_383c62e9876047a9ba70f08d63695926"
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _383c62e9876047a9ba70f08d63695926 and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_383c62e9876047a9ba70f08d63695926"
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _383c62e9876047a9ba70f08d63695926 and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_383c62e9876047a9ba70f08d63695926"
2020-02-28 15:02:13,493 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID infraio1c2.my.workfront.com/SAML2
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Neither candidate endpoint location 'https://infraio1c2.attask-ondemand.com/attask/saml2consumer.cmd' nor response location 'null' matched 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' 
2020-02-28 15:02:13,493 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-REDIRECT' not permitted by input criteria
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:13,493 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:13,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:13,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:13,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:13,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: infraio1c2.my.workfront.com/SAML2
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:13,494 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:13,494 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:13,495 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:13,496 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:13.496Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:13,496 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:13,496 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:13,496 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:13,497 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:13,501 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:13,501 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:13,501 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:17,127 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:02:17,127 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:02:17,127 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@10563912::identifier=rick, context=org.apache.velocity.VelocityContext@46247330]
2020-02-28 15:02:17,134 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@10563912::identifier=rick, context=org.apache.velocity.VelocityContext@46247330]
2020-02-28 15:02:17,136 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:02:17,136 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:02:17,136 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:02:17,136 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session cbeae9518ec31c71c12b1bd8ab87cac1556d23a68297d6c022ca4d70288dc3b3 for principal rick
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session cbeae9518ec31c71c12b1bd8ab87cac1556d23a68297d6c022ca4d70288dc3b3
2020-02-28 15:02:17,137 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:02:17,138 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@588c4121'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:17,139 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:02:17,140 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:17,143 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:02:17,204 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150217Z|infraio1c3.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c3.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438137204}'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c3.my.workfront.com/SAML2'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c3.my.workfront.com/SAML2]' as '["rick:infraio1c3.my.workfront.com/SAML2"]'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@588c4121'
2020-02-28 15:02:17,204 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:17,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:02:17,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:02:17,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:02:17,206 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e2b1362cd5774f9c4a7261f460eece42
2020-02-28 15:02:17,206 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e2b1362cd5774f9c4a7261f460eece42 to Response _a6a22528d2a01569360ad3f300174bd8
2020-02-28 15:02:17,206 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e2b1362cd5774f9c4a7261f460eece42
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:02:17,207 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-02-28 15:02:17,208 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:02:17,208 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:02:17,208 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx4UgrJDcgs1OmKwdc0BlgUKJBnTlafPPUt6S9VdYi1HQK1p7qGvw80tyLbhmuMDbrJIbVoC3P597K1NKCFTUDTmL3t4Q9bNOQDU6stfHgkLl8rYIZ5Edmqo79h3fUiqac3lF0eQ== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _31488e85e89a4ca5a1828c2f4b9425bd
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:17,208 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e2b1362cd5774f9c4a7261f460eece42
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e2b1362cd5774f9c4a7261f460eece42 did not already contain Conditions, one was added
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:07:17.205Z, to Assertion _e2b1362cd5774f9c4a7261f460eece42
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e2b1362cd5774f9c4a7261f460eece42 already contained Conditions, nothing was done
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e2b1362cd5774f9c4a7261f460eece42 already contained Conditions, nothing was done
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c3.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-02-28 15:02:17,209 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e2b1362cd5774f9c4a7261f460eece42
2020-02-28 15:02:17,210 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c3.my.workfront.com/SAML2 to existing session cbeae9518ec31c71c12b1bd8ab87cac1556d23a68297d6c022ca4d70288dc3b3
2020-02-28 15:02:17,210 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c3.my.workfront.com/SAML2 in session cbeae9518ec31c71c12b1bd8ab87cac1556d23a68297d6c022ca4d70288dc3b3
2020-02-28 15:02:17,210 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:02:17,210 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c3.my.workfront.com/SAML2 and key AAdzZWNyZXQx4UgrJDcgs1OmKwdc0BlgUKJBnTlafPPUt6S9VdYi1HQK1p7qGvw80tyLbhmuMDbrJIbVoC3P597K1NKCFTUDTmL3t4Q9bNOQDU6stfHgkLl8rYIZ5Edmqo79h3fUiqac3lF0eQ==
2020-02-28 15:02:17,210 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:02:17,210 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:02:17,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e2b1362cd5774f9c4a7261f460eece42"
2020-02-28 15:02:17,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e2b1362cd5774f9c4a7261f460eece42 and Element was [saml2:Assertion: null]
2020-02-28 15:02:17,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e2b1362cd5774f9c4a7261f460eece42"
2020-02-28 15:02:17,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e2b1362cd5774f9c4a7261f460eece42 and Element was [saml2:Assertion: null]
2020-02-28 15:02:17,213 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a6a22528d2a01569360ad3f300174bd8"
    InResponseTo="_31488e85e89a4ca5a1828c2f4b9425bd"
    IssueInstant="2020-02-28T15:02:17.205Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e2b1362cd5774f9c4a7261f460eece42"
        IssueInstant="2020-02-28T15:02:17.205Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_e2b1362cd5774f9c4a7261f460eece42">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>2IEUH2rdb3qeeJ3k9bw3YfSHo3kwC7emg2P0EcKF2Yw=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>NI3AyKOAfzoZAZFTPjL0GlVg3/4xRX/c7SfoT2Qm2rqDdcpv1nJUORMLTc1Lt82pk2zKf+X67zanzaSGCkwykN/aZ71VQdllZhBOR2nPB7J7FkeN/ckIFwkHA/k9AwFQlpNphTm/rwDDvGD6rx7uK5P4IY0/7v27VDdJzcnQukjld/39Ak/MSAqtwV4yXQZhl3l0WAjKXyMQOGekZKIrdn5WX6Aovnaf/eU88Xonq4pVtHtRN6CeWuc/iVb2oTkMofOKXMiiy5uexX/b4gZ8593PTiFQoqGU1wXnG3tZDzhL+3NH1X1wuzSyE2QHTGrNlxPrfZNGft7IWYTeextNow==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c3.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx4UgrJDcgs1OmKwdc0BlgUKJBnTlafPPUt6S9VdYi1HQK1p7qGvw80tyLbhmuMDbrJIbVoC3P597K1NKCFTUDTmL3t4Q9bNOQDU6stfHgkLl8rYIZ5Edmqo79h3fUiqac3lF0eQ==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_31488e85e89a4ca5a1828c2f4b9425bd"
                    NotOnOrAfter="2020-02-28T15:07:17.208Z" Recipient="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:02:17.205Z" NotOnOrAfter="2020-02-28T15:07:17.205Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c3.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:02:17.136Z" SessionIndex="_513820cc022c14bb972649119f42c80a">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:02:17,215 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:17,215 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:17,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a6a22528d2a01569360ad3f300174bd8"
2020-02-28 15:02:17,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a6a22528d2a01569360ad3f300174bd8 and Element was [saml2p:Response: null]
2020-02-28 15:02:17,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a6a22528d2a01569360ad3f300174bd8"
2020-02-28 15:02:17,215 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a6a22528d2a01569360ad3f300174bd8 and Element was [saml2p:Response: null]
2020-02-28 15:02:17,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:02:17,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c3.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-02-28 15:02:17,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:02:17,217 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-02-28 15:02:17,219 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c3.my.workfront.com/attask/saml2consumer.cmd"
    ID="_a6a22528d2a01569360ad3f300174bd8"
    InResponseTo="_31488e85e89a4ca5a1828c2f4b9425bd"
    IssueInstant="2020-02-28T15:02:17.205Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a6a22528d2a01569360ad3f300174bd8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>RYP3Rgu9ySe+qYHM9z37SsXpgiINJanzJgi68PQC6Z4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>n5a3xSt0Ceakb4PCZKGDByApmWQjBO1Nz9NaB2j3NQRTtojlU8m29zFf91GHkHfK8/SNnhFHn0OyWZlscBewbQIlF/dShVQtZkrTHi9x90xRxh3P9WRSYY2frODjpbEfltc18AnAUavhRCCI6CXAzWml8ibhQzINpb7qzSopBwDSiAqzjba161PbvlJ1k1un1P1u/jOpmxsMdu8c3VRvAD2X0WBasUmKKd2DwKh9cO8d+cw4yggcLJ1Jc7ebg6yJpX002PEt1VyrH8hSTftO5nAY0GVxygbvw931OH5E6sh1F3ZZgufrZ1mDoB14IC1ChsMH77/nUdpdZUyXz42rPg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_e19a57ec2a66d9fae4af698d19fbe372"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_b04fb44263d0281e53a3bd3d7eb46a24"
                    Recipient="infraio1c3.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>BuVve11K1cT3fGIt9jd0JjFnXbag8UNgT76nEFzLwGzJSzP8IzHjtL0+biS4YbrPQspuUwKZRphdVydbFluBRkBg/JGK3psavvIoFzXTgiBSfIPQNZUQysDt0WUK4qfKUXUQz24EnDMVq8XV0TeNYxTuwiSzC0zCI6E1chICNfJ1qvX58g4ujFFrGJ9lxquDIjA37aTGswFHjRxMJhYnZp9zYehyA9piKZRlLXg+3dT7zRBX1UQ8UduQINzDBnm663FuTxpVtL8lU4R4z+dZ63Hic3DmAOUAMwJRDYhIt0aDovWneO929UdtaYg2cyMES5TWPadyb1k2ArSlGOCksw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>8BsWxH8yGRyZp3Tzx3KI7pxuZiAdoc5uERU6au//1mWsW2lL4w3dVkXjvboEf3Dhd/xKpLoKcH4/q6l14TTNJjjFKWfUy7DAxzuruqOEj7o3VJjl0XJuLZiATHWwGWZcrIdT+0LafQKSE9c3I7BJOCp4kf3m7ylOXO5TPBTExm8M4r3x3fkDqq/4+FGj8KNiMqp/OOLUPuOS5n6a+mDxHIfSpsw27c7p7NvlA6RuICUoxfLGKDKPlcA8JSFAPk+e3A4E7CZF4nweBXe8CNz+FnQVFOEgbgS2TX3Min8eov42XePnhM3B+MA13IaJNBI7x4zBKOMN0mtFmtobiknNWbDDC9sOjP0UvjLH68Ci7/A3ElcLfpQXTgAJBYrJhtns6xf8zkI0B3lx4nJQrEZALp4PcGm8f9ObRj861Mav1KRXiE+LbZZXy/qpM0yncIBZY4Quuxmy8ySPJzG2MqzmB1MTW1pAo5xYW6l6Dv9AfUD3mCTEkRBAUn/Hs2wQlyUraz4Aco4QduSGS6evtWuPf/kUx7cdn5D5nYF1QFjU7AUbZ6VXjOvmkp7/POPDdeNMeqrI3npd1e0mlR2uTL1u4h1RTHcoSF9Sw/4GbbqJb6acx5rgP0Def4rAz9JRe9B5LRQUQCZ1F8zXDkCY9rUHFiAOtRt5NKM+M3yELX/wIlvMD6vYDhiQ5OZKw9cs0l3Sm4h65j4784VcowRlT6Ile5vSPktwgJHx5M+2II/Z6jmR7qw1FxYybdXX9hPyvQYIbecQ1o9f39iZMH21G39VosBtvkvLWmvKL+xM9SGVH/D1elH1DAPpnXRmVDCeS/31FF8i+G/Jm+IZ1CxwfAerHlo8hzaqpcdt/MXvzh8PLkp0t+fzbg+J7kOXMtcvASNzvuTpRqFd/Y+pfOv8qGSGlKbrW8/8Uwn2WJkyFrVO2mgtBqUfH4TV0gi2cwHSeupHzp0NJptYU6iuqY8lmBv669l9zCAMZzP7RzH3LQ/A47bFqqX1erXLuGs5LtGxhftH9zMMwbF9bdd49ya3cel2rOEfDBL5wp9VKFi7h/b1i+pzeWD/ku/N/BxstBrHAI4djUo1zAdC9NMz1gn8HsRxbImcV0zvDnBVfLLq0aCJychnpV/HIF2ijVF13THPec6W8EtaGpuqLOYDbJmvPHJUuKsbdHJEKBAl+iUWKuRfGN56bg+oU9RuG7jCNz3ZQJXGFN4iGQyODQVo/I8DWVc0apPJ0jVCVJjEF6KwCEBEIqmvm/YOiUcZgMXyIHWDA+4P3Qdln+K8q40zrhqqNcYkoviC5o06dHb7+PqUjInqIhRE2Rk+QlWvGJr3cbFmeMdPD4J6Sqj4jJ6XP9q1YR98rGHg1rFSD7WL61DRtqv+7pLUWMVd5NutOI1iq2dJcM4XA5pRL5x3F3pgpQV+enTugrw+68f3tikUHvVRAYaKWU5oTY3mjnFeAKr4T8ZbU/aTyc1iQxshwDWYcS0jHFX6UQ2mfEDe2HyTzhSWLxwAfyY9x9jOA1uW9IFaX+/LEri9ppKGjlTHaE0KZTShgL5BmuhKuZMdmF83W6X6agiDvR1Kw6j0Dd+tujNEtIOWg11XLZj1hWc8VO/q2fiqVnyDw/EbO/tuVwxQ81bN2pXSBXY25LmnsTslRsOnabKUSNIx7jnghQnBUNxmM8VxmTz0zsHsyn+G7L7b9475mUSPeHXwCEyUAKN8oHsXifOfKtuYYXQ6ZCBjqWOQtQJhKIRHyHLXFrPAQbSGDoLi42ZlfhOWbs3BDLG+H7xpp8x1APQTouwRVNCKmh72TTeHRppTWNHibWF/2tfTAfpr7Szr0sW6a3Z1wUJ4pmL76/JYKepSbdg/F8hxtqhqqI2GMiqRtZki+uWoM4ak7WcduMSZId86fZY1D4jRApP6g7w4uEI18SLO3pXveID0JqJr/yumnu4jARr/hgAKHCOtV6yeJmKZUu3Kf4kXpa6SPZaHCD/BZ+9/Y69cdY3iRSXi/aqe4tVtYXUNGwzU4HCdOBc4PjzfEh40fEs4vMQmQ+nevt6BH9HNpod/yCEhvoPVtuUw/Gg99ywmXPnjf68Drybw6KFqvwP5eDkWcsdGxeuzy/3eoiFylimFUk6z/j8IfznQzmxsaBQIn1GJt7cE1eZW4Ke7RT9bnpZaKPgZMJ/e9twdPd/ZhvyToqsb+tN/3m/hh3rQfJjjkzl60gUdPyZf+haXHenInCxfYNO4zK8JPwqzVJQCmv5uiiVPViDdPJIWW8TUE4rVuyhwpc17qk1aN5wIAHflahuPJabnfIi8zk947XUbT8NHe+M0HbRREsOGsMeLfu6p2KtQiPHeuC8Ei+bPFy/3C7SNm8SAQtcNgYHC1fuD9Tbr/umMqdCSBZ+Aa7vOeNjKJbQwatl4/CKV8IHP+ymRBKpKl34TujaeOQ9diiUnew/OVsABzkgEFW1s4wMqHfJVLlXkyVS3dd9GSGgTxgb6mW0l/yA1gztufE+1NDN+L3nwYXge9+S12aWUQOXmAuuoGM61QvYsofVpkqCnOF1B5chOphhcfQPNFciG4+IEnGIy9cxQ9vEOMJTV9EiQ3M3YN6ieA/lgZhO/p15HXQ3qGdpIItktXN8ZgIhBf5nenPeauswmdqGbgmI8YMGdoHK8ILbOQv2uTg1K5Gx3zvlPl/bAQajve387ne+Ruy/aqJ8KQiDilu6BwiX6NbR9MV2h/XJLTJzRA09JaTpkP/m14LbciSyIGP0jI+hT3j4GEapNyxzuSsgDcDtgzHgMywpaZszuhjjrjxw+Arv0gmRppk97nTn223qB0qxR+w5IW4eHjwqC5pJskY/CzJwk78U0SYKbeg0FUpqP5q0PmpJ9kT8D+L5QBUEhXTzXOhpRkm9TIltq42M3MkdFDKZseIJ+AO7+LLmFEX6ALwgl2RQjLtb921xh0P5msUu1ubfNt8FJLDISd0eiMnOY/i71U0BisUl5XkhmaBkMOVoGAdm+E0V+fD+GyTexAnRoKJKd07rSMM9xFgUd9mrUBkZH20klLhuWsOjK2kI7dt7jdta7/PejrCf4uE7s9hF6lM+86Q4ORTkMrKfNgNg2DZbgo9VUddirsR+KgiEzK0YZUlQ9K3IfoMmIn6ySEPCt/D4uDT/32Z5RWq6bwdlfKuYtJbXb8nbyw6CzmSInOywSOEYZlEQpu/fCxIjbOhAXvbwWkb8nhTNEyhiFQjtPFv4eZDB4cADUFDtoEzeQ5b5wwTCSCEiPGPi2XsPYKi96k5L0wbTEkUuWQ53edWcKhBaTVktTyLeOMhAsS49YXH2K6Qgi+SKNZ/QAKIye3bzkDADx9AnIDNjUVCwmdKZpzO+rEMzVyItvJQ9Xdx/9glJ6BoxJMOOvOfu0jR8dfbS87wrL5dg4guBmbs/b53SsILFbBUQU+DDNxKnXd5ZY2dX1Vw5vJhoT2n15cN+/ujY0ibXvINWCs0m0MMMdajBf0HZjyhUR0Grr/o/L6BU9jwPgg7z98WuQjeUvSkBWAJqoRzgRh8Tq+6XC2ARmjM9qBa5rEYjrOuFRoxdm8Jc5URfuH9GZZt4ItlNtimMgXkKoAs6+eUhEzufuXVnLHYhlSI3Sm/gKqJCQLmdtMA0Mzp01dj0XL2QdRoRYY/+MFX4vtosrvOGbsBqYf4I7tyLJ/QBJXg/RKa5tRu7Zrt0xl20a+uL+B/3SmrI/L9t1C1gT1nKhI9Y5oi+ELb5T9KM+vPJxsKvgIMdky88n6HjSpLyfMjCtVngcTQvF7r71jXkJwNcTFAYHnCvuK1Y0rzy78lIYFxofSgGUd2dH3z6XV21unojP8j6ArTKMGXkVnoT5HNxNhMY7pkb9bNewd6Jj1wBv4kMhZjAJLSyln+se8iAFVk0WXJl+pP4lghJTi6XFi/TgxmHq5TB8nNN/IGLUQ6fC3/qiAVOmTQuzP7ywAdPuc/uBb3ypJmdX2zhaJRg3TEr8EfngW4EiuB52kBThNttWvmxYgPWuZ0etoYaSo8ew09QCe1XJSk7TgdM1XkIiw8fpKahw/U+9ywCy8a8mjzi3GLEDkKN42SzPn+MJUUHnhfTtMDaIlYNwPF/33oU5q4sPB72sUWNfMh+1rLkKj1An16nDWH+TouVdxWOh/dQCCoo6XpB6YiXBjpJMRsuWGlwLqnNJyiw7KzpFEwIFfxPj39ISLJfAAousASwHilWXgrXHFJnPxbkYlUvKYlfyEkyEhuwQETbW2kPa64i/ZYI5NVzwvI0AOj41hPSqKiZYEZvNH+zOPQRI4OgN7PoA/6BqTW+NXBBp/ewWwlROd8YVBDQrTBHg+gENKZxhIeZhgLsR5UFIVZE7TP4zThBV4rjUpPoJr451Ys2TXEPvzpsPX9SGq1+0VMZ8lGouAQw8DNwypaFNSBsFj8kmbuWOtSl+1LF0mM00vzvPQeQ7zAqs0uMNNLt/FLW9tVVBNHjH4UufFvSvL+K0d9SlZO7Z4grN4Ozg3tDZKmzq3NyuCh9LOTng1EUIQJ70C+KJNndqJZ1vHVDVdX82a7ieSiRIeSpyxqS5GLiyV+epwDSyVIOAtifByoYys0DpHHH5Uj1ML7xfpBVj5wKTn1VkXZp7qc9yafkJCg3SWL+XiXqpU/MCBBBzZtiib1s/Ub6+ZDbgtQU0cGoWkKYJ+MUSxSLd45GtVNMPbBVk8T/p5bXetmt3Hq+cwUCPNqifLNGH84UtyqYWk6hR+GICEszS8NYOGzSQVrjM6WFNM91fqZFPzVmDz2i4OCQtNGGhulD+hI5AsliAR85lL7LCTmOajiMla9sVGPMos1guAlI2OXzxp6q62OEdjF/vwJcYEzV7dWA+r7Em/U2sObreAcpon1FjriVBAuPiSUgnE52/hSqJ1vmhuVP4ZWxcygrWZLnM8yvo51wrvTLhDpQ8OrqsgsaWvhNO9YQzEHE7lZ6FL8kGF0PbkwqaQ31mCQiqJuXWqX4a/iMeXR3OK113biTaQ+iX4v2XXHT17tOco/pn/Cf0biBHQj3YVeLXCdH/rYGinf6fVeHt1NFPhT0t3VfURbT7Ua2AGubQfX1E6YU7PzEKmNApEp6ldPEkwHi7LfhmzddyH1h3kqn1jyxTS3s1jKanmLip36kDGa809/H9tOWYYtGn97ajyyr3cW7yFRS5EicCpPZTbQA7B19T4p2wwMPBA2IDAr41wBDtfp+RtcAdhphlAfx0AfeGijmpgBBHgt+vwND141UF9lB+4Zx8a4eFjsLwJGxqMZ6RMNk8fIzezinstquRKD6qW9N1IIftdCt+onjFDjdKEdPlDbLPsj4lxid9l0By9VAKMetsGWVNCxZFHNgv3aQY5TYilog9Da0dBkagpKrYTrv8j7AmkGP4EAqR7RByOekt5cdZ1HP0xXoQdA2bSVSGF7YxqWe65w7dc1nUz4qhOCZeyH2RpL2c0wALkIExEyz/uwrxDAHiYbAtbY7bfk+G6eOh4PGna9sXC7DLuhdDtE0J12uawPAFqJBRmdv/GgEtbuOHgD6tJ3tfJxsWOTdzml1lCWdq56kNErZ0Te2Sf3Mf5t703iPgzkBJJ+ritt8rmZ6TX59qUg/FVVdLYEwtnah9O/ATEvt6Z9XgVRlJfdor8cNNuKTE9FJI3AV6hzK3W9ujYMVByzBMDK47HZATlwEHSPzOS+DZHLETDjghwo+/4pfsxfnI4bIfMw4PoQX0PBgThZ3CH5FvTCQmtDWmEMGJWIci9P47dMtq62EiwPPm/kzlK5RKCaRQOiS5ADLrTVe8CIHVNeIutkaBeKvBC1w8wf2OHehV5zdE3iWdB9oOqAwEDfOMwo1LUibrbfXHvxQWy68HiBtAvTIFMagxp6W/93mhqGoYiz5u1MSGUR/YGkUBwD85wyjpXzQF8uidg9Te9JHb579GhIS1MLGTy1QW2GJ1sDDg67ZBenHCOs887xyHPLLaLEjy5U6ZbVozxwDCsYmIjeRtLCgBz7WenSBewNF+/CcT0sL5ozAIBtT5p3khGMpAPzdy765Dvp0eNK0EergWTDAmnRC5SBe+RpL50OaYfxUv5JoO/m9tekmkLN2/gex6FTMgwnZ6bz+2F2QyoT7c9i2jzncTIQ2gAbaBcn1xAOQQ3A2NkmOEgNBVTMYn0x6FyWeW3z2mWDYwjJE6GmjK5D7JCds2m8nIrkkkD56uxJKn5SxHCiUhR8nDqGWwa0opUhRgNvPZuaYEo6j0oiMkK/LcVHxYY22eO2au/MmiqFPGIRj4ybU17K767/827OKPGkv/9QKLas015y8c6YmyW4BmQV0TBtpVwul8HXgRLngpAq3J1fMoT5if6fHtk8PcGvPmvI0dV3RFV88udnI0HtS6smhwxBWLz+eUW0lP1G6ebY4vq+tWlLx+qoQ3//JhZ+r1YxnhA3+MQ/Mue5fZaxEuqX5M0o2hEfTpzjGBnq+hCDtB17UBqyubUrGTYonWiEblspWA3VcZCqDPJGvRKBFETATd/KyjkyTijGseZ46z4B+Tlc5yXlVsimdmsnCezWCPby53vylcHTmk8QrfRnyuJrc/QOA0/yDAbbGASIuV298VhaJGOBcdrNpsMhzV79bHB4XnHeVbCwb9hPPI/mwXuNWMvPNXocZFty04NGLL1dAs7VGLMV7qeM/wYVL7K0ov45s7V4D7wH8FVTKM+LAIQZsCFAAUwMdsNWnamUl4YmNbIPASVPk7s9CJMpPiQUSVjbHCWFBxxutv1kOgxXWY7IbF4FBpjP6Y/6b84WVr6qq2lDd+FYinPaNTrHwtO5RdrZ8SOG6B1SkZapGUKohuhSpwOo269Jfb0G7CbXSZrMmjZM2SINbEF3AmGxCFZjACkH4G6za7sqJy9vRkmSKdIRn6OIWYhTqYHwAA/oLEUPtUbmpivY69yaQ3EmGyd2wQTnoeLpX2mNDfiukCFsgKVAc4GL1UptzRsDRy5XxXIwLwFIdd+akOAILRa6smCLIMH7L17HzS8bYD8Ii47jRtCP6tbsUnCFK6R/NOFzL7NVtAoNPfWZpSVRQvLX3R3EO9qeL3X8mNgJnZkMKmeioBYzptEOT7SKreqGTi4bIYQOQFVFGzUXWdzi/fX4uGoKI5I8oaWCNT4H1TxAwBu+s3TklaS2NY44DBl5BVZk1QYSzaPqESIC68iDa4Yy0IIBJ0jDZPfKJDcdQ3gbgdM7nF9sGwAviTMOOCDozklREqWk9ri6ZrNLLYALjmclugod9kF4ltXd94DRjKTkJXhAcUpKkOJSN8x46VqHNpRbcV6iXWNCnTWYPtFnW8R2UZrIYVFFN9W1G6SlNLOg3nsmv7utA/3WxRGAD8F2hyG6QfvcS/D0dXcTDxbeEbObb/u9fnFpEYd+0zLKr0w8cVsgdFKU3PsuxDnUv+BHNP/y1h4NXR5AyAeh26W9WqK7MEI4pMe5ZX8m3KDiDNtYriKy6cWJAO1omlfAcwyyjO86crSrJz/xbgRQOxl5g7nn+rRc/LII4rxaI1p7y0ax9ZEtPsrBkd8KRbsacipHv/5ois9kJgXpC1Ujvbjc+wB3b5/TGljlAJVU5kl4Uo2u8g6n3l06VeNOAyZSpSW5AL955biL7KRtlFb+KiXag8/nsbOxxCj/OSa1eHH3RFkSNMEu1Tnl0m7/IHGIj6fsOTZzmjNAZFczW8KAiHol9GVxX9yOz4UEMZA+yPvOIy385q/AQSt1JtVysmAQ3WBVO3d7wD3ZxLemyYRxgMqtMTGVR6qBpd9p8ZavsXPwpY08oocs2MPJ8UEa65QVsUok6G03VXsW+6uA/t4zN0TD4+eY+S+FEcIeMG7JhtzAzVc/LMcqBIQcf6gMwSfRF6KniOu8s+QEQujXhhdFSp1KhCTWFwNt+WdPCgvUXsvmC78Shv2n2zVTXbQ/CpfJJGfH8aCjvd+wfYvr5bTDYmQiHTlRSix9WYzTRlGNfkyLtjKOevCtLBmD1aqU7ds76BwPugIx0=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:02:17,219 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:02:17,219 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150217Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_31488e85e89a4ca5a1828c2f4b9425bd|infraio1c3.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a6a22528d2a01569360ad3f300174bd8|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx4UgrJDcgs1OmKwdc0BlgUKJBnTlafPPUt6S9VdYi1HQK1p7qGvw80tyLbhmuMDbrJIbVoC3P597K1NKCFTUDTmL3t4Q9bNOQDU6stfHgkLl8rYIZ5Edmqo79h3fUiqac3lF0eQ==|_e2b1362cd5774f9c4a7261f460eece42|
2020-02-28 15:02:20,807 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:02:20,807 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:02:20,807 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@183826815::identifier=rick, context=org.apache.velocity.VelocityContext@30a6a534]
2020-02-28 15:02:20,808 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@183826815::identifier=rick, context=org.apache.velocity.VelocityContext@30a6a534]
2020-02-28 15:02:20,809 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 72d6ecd7496bae524827fae7af6af8e3f57f1f52e37729ad96bd955786b8d263 for principal rick
2020-02-28 15:02:20,809 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 72d6ecd7496bae524827fae7af6af8e3f57f1f52e37729ad96bd955786b8d263
2020-02-28 15:02:20,810 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:02:20,811 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@131279da'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:02:20,812 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:20,816 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:02:20,875 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:02:20,875 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:02:20,875 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150220Z|infraio1c2.my.workfront.com/SAML2|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:infraio1c2.my.workfront.com/SAML2, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438140876}'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:infraio1c2.my.workfront.com/SAML2'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:infraio1c2.my.workfront.com/SAML2]' as '["rick:infraio1c2.my.workfront.com/SAML2"]'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@131279da'
2020-02-28 15:02:20,876 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:20,876 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:02:20,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:02:20,878 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _134a63ead8be15c1d1a373dfe55a16c2
2020-02-28 15:02:20,878 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _134a63ead8be15c1d1a373dfe55a16c2 to Response _94349da5ce56bed695aab4af7167a041
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _134a63ead8be15c1d1a373dfe55a16c2
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:02:20,878 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:02:20,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:02:20,879 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
2020-02-28 15:02:20,879 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:02:20,880 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:02:20,880 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0Ty/r2PJ3MBP2pLwK5zsH2JYO26ss1GkBebr89CHi86B2oWQ02Q1sPvkKxTJf2jyWsYYa32LPDrEe2uXiWJelBgLVjghMIQ3NFpbq1JMk7mEFxtuTQ/wCNN08vK/dxn7b7VJMw== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _383c62e9876047a9ba70f08d63695926
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _134a63ead8be15c1d1a373dfe55a16c2
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _134a63ead8be15c1d1a373dfe55a16c2 did not already contain Conditions, one was added
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:07:20.876Z, to Assertion _134a63ead8be15c1d1a373dfe55a16c2
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _134a63ead8be15c1d1a373dfe55a16c2 already contained Conditions, nothing was done
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _134a63ead8be15c1d1a373dfe55a16c2 already contained Conditions, nothing was done
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding infraio1c2.my.workfront.com/SAML2 as an Audience of the AudienceRestriction
2020-02-28 15:02:20,880 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _134a63ead8be15c1d1a373dfe55a16c2
2020-02-28 15:02:20,881 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party infraio1c2.my.workfront.com/SAML2 to existing session 72d6ecd7496bae524827fae7af6af8e3f57f1f52e37729ad96bd955786b8d263
2020-02-28 15:02:20,881 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service infraio1c2.my.workfront.com/SAML2 in session 72d6ecd7496bae524827fae7af6af8e3f57f1f52e37729ad96bd955786b8d263
2020-02-28 15:02:20,881 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:02:20,882 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID infraio1c2.my.workfront.com/SAML2 and key AAdzZWNyZXQx0Ty/r2PJ3MBP2pLwK5zsH2JYO26ss1GkBebr89CHi86B2oWQ02Q1sPvkKxTJf2jyWsYYa32LPDrEe2uXiWJelBgLVjghMIQ3NFpbq1JMk7mEFxtuTQ/wCNN08vK/dxn7b7VJMw==
2020-02-28 15:02:20,882 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:02:20,882 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:02:20,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_134a63ead8be15c1d1a373dfe55a16c2"
2020-02-28 15:02:20,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _134a63ead8be15c1d1a373dfe55a16c2 and Element was [saml2:Assertion: null]
2020-02-28 15:02:20,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_134a63ead8be15c1d1a373dfe55a16c2"
2020-02-28 15:02:20,882 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _134a63ead8be15c1d1a373dfe55a16c2 and Element was [saml2:Assertion: null]
2020-02-28 15:02:20,885 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_94349da5ce56bed695aab4af7167a041"
    InResponseTo="_383c62e9876047a9ba70f08d63695926"
    IssueInstant="2020-02-28T15:02:20.876Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_134a63ead8be15c1d1a373dfe55a16c2"
        IssueInstant="2020-02-28T15:02:20.876Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_134a63ead8be15c1d1a373dfe55a16c2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>deTu9P2IRvdw5R8Z9N1Bkz3J1hSTkabZpIrjX9U3sD8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ge6BTU27Ih3SfRtoUGfAjpGmgG1hN0/TYL5sZFIjAQjI2aar+yNQ3ZwSwHQbZtuIl41nTxS4C2Ji/eK10w6B9NdzcUOwFWX8LoKxmAP1TrzOWGRQUS5YvsPZdCf/RCl0I2sPX/gYkAy0Y+WxkKCW4rTOcr67kCqpGcdaYfsEVtnxziE6/58nY9PA4g3CyYTG1UfCEKLaBmmSaPUmtrFUUogPbH+GK6ZjNbRRQT3MGnABSUWscOgLaAm3FBX/WjOoMkxuMWt9dZ4QpSVlJ/RFgCfxdZ1hh0SRxZpRRuOCw2mJtChyLezdYkfeLOwbZ7zqRAPMikqj7Q0W4lpscGGJkw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="infraio1c2.my.workfront.com/SAML2" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0Ty/r2PJ3MBP2pLwK5zsH2JYO26ss1GkBebr89CHi86B2oWQ02Q1sPvkKxTJf2jyWsYYa32LPDrEe2uXiWJelBgLVjghMIQ3NFpbq1JMk7mEFxtuTQ/wCNN08vK/dxn7b7VJMw==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_383c62e9876047a9ba70f08d63695926"
                    NotOnOrAfter="2020-02-28T15:07:20.880Z" Recipient="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:02:20.876Z" NotOnOrAfter="2020-02-28T15:07:20.876Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>infraio1c2.my.workfront.com/SAML2</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:02:20.809Z" SessionIndex="_d0afb3dd54f4fbbf514faf9b637fe8df">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:02:20,887 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:20,887 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd
2020-02-28 15:02:20,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94349da5ce56bed695aab4af7167a041"
2020-02-28 15:02:20,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94349da5ce56bed695aab4af7167a041 and Element was [saml2p:Response: null]
2020-02-28 15:02:20,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94349da5ce56bed695aab4af7167a041"
2020-02-28 15:02:20,887 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94349da5ce56bed695aab4af7167a041 and Element was [saml2p:Response: null]
2020-02-28 15:02:20,889 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:02:20,889 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd' with encoded value 'https&#x3a;&#x2f;&#x2f;infraio1c2.my.workfront.com&#x2f;attask&#x2f;saml2consumer.cmd'
2020-02-28 15:02:20,889 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:02:20,889 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: '/home', encoded as '&#x2f;home'
2020-02-28 15:02:20,890 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://infraio1c2.my.workfront.com/attask/saml2consumer.cmd"
    ID="_94349da5ce56bed695aab4af7167a041"
    InResponseTo="_383c62e9876047a9ba70f08d63695926"
    IssueInstant="2020-02-28T15:02:20.876Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_94349da5ce56bed695aab4af7167a041">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>mRFBEqwhGQBeWUkosWo+9jVggZr2IFtozUoTFzP6dp8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>AjXdLscyTbbigd1oVIVgvS2Kh09x4Zk0d38LPjjWVCid4lysnkNDwZ1gb9/lTU9Ci2Bb1xJlRYEWdq/u1YmZth3r4QeKtieVII52b1XhSPqYY674xNEZQjJeD7cTHTcGa/7lMvQ/ykyBxbjOhZmMlTEGcSXMOAvzB3CnO+OsV0FJUGdW54+YTFXWRelJ08AvdQvi/iBmzbUX99bTMyGnNCxEJkf1h5Y9Akp06+ABl1MZ6KF6tavxxijFBo760Y6hU5S23SnxjzsJ5ejZZtH+V0oGj9oX52u9I/J7tslw0P/YOFFlOAJRdfx6ixPj9PewC0YAgwMOkN4NAMQOboXP9Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_c4d283d460e11a9db55f845f2dce97bc"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2ad66aaf30a69e9de89f1e1ebf1eb935"
                    Recipient="infraio1c2.my.workfront.com/SAML2" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIFKTCCBBGgAwIBAgIQD01PjbApiLixF+MyJJd/NzANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5EaWdpQ2VydCBTSEEyIFNlY3Vy
ZSBTZXJ2ZXIgQ0EwHhcNMTcxMTAxMDAwMDAwWhcNMjAxMTA1MTIwMDAwWjB1MQswCQYDVQQGEwJV
UzENMAsGA1UECBMEVXRhaDENMAsGA1UEBxMETGVoaTEYMBYGA1UEChMPV29ya2Zyb250LCBJbmMu
MQ8wDQYDVQQLEwZDb3JwSVQxHTAbBgNVBAMTFHNzby5teS53b3JrZnJvbnQuY29tMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAzZkWvXvDsAMjEvrEBJIjfjOjiQYxRb+mm+QNbmA+5c
+wCEPyjNVokE2TmW/krNxPzePh13mBHK5GdBQgug/oo/fnoo7Lx2oJcLld7tMmYk5cGnTg+h91TP
GJ8+Qtvy6ebkrnOBEIibiWVVupESX2F1ziQrz4TUaiZ2F9VyXEuVrzZnFkRtLsko/l18YJz9o72x
vQKcC4XfzQPHLb4vNgNYZQ0sPGnXgBInYYK4R7wIGg7qIrcshBwpQSDlnNxPFSare204zMJUaTG5
Su0ONmFzTt2SSuJ9ALOG3WygWZ5SwGpU5qlhaZSoRBoxrg7eXOorSbVwNHR6YH5PK3VGwwIDAQAB
o4IB2zCCAdcwHwYDVR0jBBgwFoAUD4BhHIIxYdUvKOeNRji0LOHG2eIwHQYDVR0OBBYEFFRxiQs8
j7VUNRDOB9ueWqfcVDknMB8GA1UdEQQYMBaCFHNzby5teS53b3JrZnJvbnQuY29tMA4GA1UdDwEB
/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwawYDVR0fBGQwYjAvoC2gK4Yp
aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL3NzY2Etc2hhMi1nNi5jcmwwL6AtoCuGKWh0dHA6Ly9j
cmw0LmRpZ2ljZXJ0LmNvbS9zc2NhLXNoYTItZzYuY3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAEB
MCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQICMHwG
CCsGAQUFBwEBBHAwbjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AuZGlnaWNlcnQuY29tMEYGCCsG
AQUFBzAChjpodHRwOi8vY2FjZXJ0cy5kaWdpY2VydC5jb20vRGlnaUNlcnRTSEEyU2VjdXJlU2Vy
dmVyQ0EuY3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAJ+8dwAkioHtTSfl/8AY
50Kw81NSgbpVNUTt72Zvcysdn9xn6Sk/7VYH6nUoIUalvOkXhfcpDabahSOhJQxgM2hz5RYFEjSU
a9b9ZHcjgKtwxTLzGdjcP9P3DaFQQcnrAdom+6lCk87hK3Rvxy/szdIb4tmJpVjm74V8D8LE7I7J
eu1DRIS0xb3gNMKeqLtRL9DF30gmF2W5asvbuMa2QqY+66xTQhNXjq4QDh7NliORLvM2T93hL8rE
dXtwLex3vDsNpAECHG7Ui9lqF3trjTzysSSXp1e+DazeYf/kcNVrFeHCJk0Gmeb/CEQ0foqI2CQB
tUwWLzM/gBgoOrY7XXo=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>ua/QaveRBrWaBgQwapguroFl6SQKTt4QUWdUCdlBH/PQb0SS+Hjm+AqZ/EX+3CYrIcIGssxQqt2HGiSYHFPmQmXQTYnEwD4tPPgE74uNRec88TOOLh6fGwS2ewLoHAmJOza3RCgxT7vMIsDu2CaTk9bToMMxfMY4Ucw5NFbRjeAEkDiDBmlXOUKWYLA8KKUA46nGNg7l5O5+M4cHxEqFnbp8jU9RItd1NqZSpWsZVCYhls1TWvr6X7Z3a68HBqOtbMURexDc9xqg53w7NZjzYabK5y4Y1jBAzf4Mvlmq0Fdjnp9QJzjX5UsNcPrMlhvmvdrS0SW8zFoSWxEPZdkgfw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vAOiPTY2ipxsaBmcq4tVXguJKJSpbrikMTx7EAm5Pp8hcv4QEHuaU3uF+WuJAtak7aWC9fh2cADQvs7qejLTeoKwnElsQwLUyCoPGoYOvf9tFsSw0qs7Q9wTEMF9RsXU7+Bv9pnAI/TedIoanNwXGk54+soIARH8Hri3OKemdcvcSCt7tmWbiHYmEnQJNw+CAoYNE+jX9Ef2xeN1Onwp1WRIP4aAmrS0TVPbEMP3y8uFrgaxsn/nGlSNHQjA+sOilqhNUvXPaKX5ApiQpWs31B0g9Nbf+uPhoPFf28eq6e4t1ymCENLyRq/g5iBUldQ5AbzB7vE8dBYxPtohSKr7/7QCYg+M4k9+AojF4f3G0MwRDjdsDbpcv/zRr0jd5P1R1BGZQaCQamLYMmj32IfMIY0gvHUIMSMg15fvAniUo+XXYnKojwQ5XJDSzwKd8KHD/MrKHewr5Es/G+LMEF2I1xVmkG/qcJITmFmfZ9zfsavDDKzm1mzqEJJ9Z4O/BwM4Olzwk9LqSCg+ERfEPgH7BnG7DoChTZwbAPRAzJUk0HpSfXThVIOCUc/jdVcplx9O8TaHQxtVLReGQEZomLe8r5Iqg5vEfhmMCPzz/T/SOB5args8LxeNuPzVndheh5+b5TgRyzTMQj+urJ+xQdIbAilIRYj7NoeeLZKzKSNO4EqwZhOHbSn0pVWmMFkdS6bQeCH8vYpachusl6eHmw5iBpX83AkKEoaqk00wsP04dgw7wLSgaedICBL43Zq3oa6p/rdEiwsXMA4qEPza7IjOfsjY/bCgc6YyVzmEmkHjZotZuGpQrBQsVUvH2WSgDpbdgjgbGi0tw3eH8bLZ/2eyQF8ewnibCzlwv4etVYNmCNdHW3kHH36GrUKnolyE5QbmvFrgQBkAOhLOcaKR087FZCjm59Offe0cJXek7CO3rvOmH2KPBeYqBDEJ6jUdZtWgBRP7JWmt+SRDSzvf4lUbc8iOqWNB1URzrTjejPpf0wNugZD56cG8e8Srw6OI1S5Mw2oq5B7l1nfzxDSFoBitwSbbGGeLv6dO3OsytIgmLhsIZhx7dSgoLYbP0YsUEMP82a/0Vf8HNTQFQB5NNSLvvO/1TuziUMTFXi8mf8ta46ncPlZtB7V8f8Bk5Kl1SOcOSnR7v5OYp2oWO9vUMgWv9wWsnV74BuEiQAlTilERzrJGxUsCf9rAvgCI5fskwPix2ejzxAunnkDBqGSmZs5QiOQSKVx3G2WEtBIijeb6Rkqo0/uO9zyqbw5E/6uLulDD0P3MFIYDpBBzauPyoJc8vZRjEpkKU913+y3fv966W97Z/OFUrLo8iDisSBXPMOMGvTbJC0d6r/UU1ys96NEiTwoHq6aRlBskbF3PPcJbjb4PeqzQn3gsprv3LMhnJiJRBkaMfqiU5PkWYkU9zWh9bBgCADD9pw4t4EtWQSpfFN17CxXmQY+crs0/1oy2oQYt+2ENq8Ux7L4E1A2TX7qqAqpbse8Bb3VejFKGs7iw2zetg12V2fAlvXsowG3qaLi+e5EHPItpEOp18NkJnesw7dWnNwWGhkdr5D4Ntk2bt3FY3TJDE0uL192XWu/XnugJhJleyl12/Jz31t2V11vb/0kj05ewrd+O7o0YMHsiSpkH93u3XjsGzPv7cVKOKnRRVja0swczeGKArDUHP0UqXPruaGgjb+zjP86Zz/YUpk+wcGIIUKC5PvMhxu52ZVJ/wWx7vfw87778SDyFuMwaJ4O0BrmFYuWG01XPr7+L9MdRTrcXp3rVVM/paDKCPLztLiGNViIBM8kbw07pta67qFUX+3OIJDIfXzfwR2w0/zV64+IWrRV+Q4VLYvcjdT8f3lG82ogFIEiN+33K6tL8bU+iprUZ4h5gJ7KfxjgRVdh2Gl3tG8A0Cru5+9QrbE4neH6sGZOJcG6yycNyyYHiC+f4hU3+QIMTX/jQv54W8pGBgmpRhzlUnz3IjZhgJlt82HIOjDwtLXpnGpyg+yDoWzxWg+eUhHe3LcQNW6zRG8t8oulSneQCpeneyj8NJ74Nh/rPgJYQwqsbkU34BAsAtLP0Wlh7amABqB90riTWV54lTE7zIir9iFhLgSnGoo9yrltE1xbB5cqSV6DsFEdGGJwtw20knZXSxsYeeZamMj5WXuAU+uO4oIYK3yo839sm3PaedfiZqjblwQEdPdmIZe4pyu+waij1pLeqnvPizPaqDmibYXTbWlCDspE0DTtBmVc242iVoKZaYQzQQd3ouCR1y1O6gTcxugPcKJ2i8DETznUu8tKCTJnmRfy5Rrm5GTl727b8Cj8SjahqsSme1aLkrkPexolgGCiT+NiE2nHTFjRANce6/R4DHFvNWCV/OEy0r7OueJvOHEjTz927soquKy1RL8W8e39CNeNPESdBu9TMOfbFvDZSqz0Om4YqZ38PeQNcRDBRyV5MEwCgOH654Gcmz5Z+udmTuCkyghGB8weXDO1/kq1rc6XzIqvBQ0hJ8Ash3O2LQeyL5E1XxX5t02XQoBtcTsHeEcN3+pVhxFirGJfFbXjcdXxIt1n1VAK/bKN3RMRYsCTuS1LVw3zhzWeWw+c3NIxsyCccyGPLIzgQSfG5zjnEENM+LGzsB0dWvxri/BLCJ6abloGNh4EwBL+WQrQkBtPZM5+kjsmmiYUj1ECCkdVmoDMbcvm1F+BmA+HJFndJGROXQTOFCQ0HWzlhwFdhWX7JyIAWXoEo/TU7W522WS/SLBbpM4l10XJCewZ8vPrP6QY/hx9uDoqeeKzZzm36Dh11yaffqvrrnXBNl/MRwsjvpzZ7i2pNBlD+gZdCWuKh45ZIVPhJ4wBpE7McoayY50gm6QtUwB7XmsMeZA1T8qyoe0ibmoyS8WeqHTnSo81VHUnUbIufUa1ouI9m7bhZbXL1ZIEcWUEPNYpG82CIpj5FsiZNju4Vcl6NAhlshbMEQcpEWiAR8tzlhcAf3a3Ep89vK/1UtfZ5olFYmO1ayHBUQN/2M9m2/O8QcPBk4AxQ59qNeVqkemymAnbx5uD5uXWke8H+84obsS/PkxZFzM3fvcJBdOaCxvifyPaUKM/RlkdykiSRwhOQgWX8FZKpSVG2d7C/8fgLdOvR5X8ibOJUtQcT5eFijYcQPCJ0Mb/Svj7/MWHw7u26Jh9bkKJxI2SKX07JAPzDO5Px25Cv5estbU7ReqruuYQt/Dg9MmpiiwApzDTgTnUAoe8Yg9EvcI8cdxMuRYEyHlV9+uvqWB0o+nXxhnXEUhYRVzctOHIk57nfOAL6AT2mIiWucDeS+Qka/In8WTdLMmLnf0mtCEkx3QB0jIDe64jByVMKgSVg0UvHKLB+LZNpW3zAJAdjtgVTS6QTuLU7t/Lo2sxf6Tj3dcm31ppg3aye4mEExmAnyzrgVyilpePY8ienIKP8v2NywqEjalcfnVVsh9F5Gu3ixhwGclYDN8n/TAUT04dg5q6P1CbrWXysznTbptcEE8JjwBs/gTciXUESVR0Eqq7StXbnAd/slI7DavLIyguaE7dCLiOAmzz3wkQ3q6VCwHSqd5pzyoMw1ROZFOKCIFgu0PSdgU7LRUCmDDW2lhUtkhm19Av1sVDA7FmG0s9yw4E3WOhoT5TkA7rJqhh0jNrgzS/z4TBWmXMsB2ALEsv9BFRLEEArVYLZfjOby0ZFjy6Hw2KQ/5DvVfwDSTw/ecWN4K1Baqu2tcDUDZsu1weXf2UOcDztdR4ITsrGL4fYCIw7Tw1KHnYUseDF3N0MvVR2GhAKS6f4daX0W+YUf7DD+FWGZV6JotCKk/KxOnBGjmKazod+g3yrN8/b5rKec9ddpgZ/84XZpjGmucJM/yFepWENLL1prC8TFsjEDW+QtWLgIkmbbPKnIQ+cgQHUcUEFJhB3R7en1mzVCTjkNr/1DIW8Hw6MS8PFJh2Euld4hhpB3bYkmf3883AABObb0Qk0FU5y3faKuV1o3j97aMb9ziJlDuUY6m+PYKqm2Mhb0xoC7MB0e0S5DS5BSt6vbBxSabWwRfsCZfn7kj/2vuCvjiKnL6UuergJi+3LbsueK1LeAaHQYiuLb+kVhySNt3HODBiHTv8ESt1XkRrtnhHDYmx8C+gu5q8dG1I66rPWVPvJMVWCnnxS59o/OelzCNFFw5VEBHe6xn4PNdmGRK3rn6yjzBCYuJA0mrHa00hTPijZLH6Wbmggy/Vf300SKpiOQFc1QUO7qKIwCcgU9DfhLQP3EAq7yWHpc8L0vUsNZVQLi07KUy1xzqL4FSjr9sN8k0eB0WRm8BE9yR55lDdFA7p2AoodVmyqhGRgR3fMOWE+CNV3aNjq9lWP1z5yM6lTabZkUjL0ZcR+rRgB0KXILqu8h13Ee2re54g6mV4UzfmbOHpXqbbwvw+3YRNNVRb17/6QLv6Et0DQdxrbO6nR6qeet5gH0vt0odaR0OdSQ+QxytFd2Xnxotp5nFt7LjAsbRKLIueTvFs1znFMYux+OHvjoOq9062us8I+ZI37R6IcwwwvVYldlzdlNXxcOjTvVIFV5HA8C2IGoRq4M5ufEUmHsXhwplGGniTEuxTy2aJSdJyXgnlXrb+tJ7jqQITtRstn4zei0YWFJM0Yel5Vsbrje4pHf9ziwESIZ3jmxTREfRPrET3400QoHpe9N0UfYIJvhfJjlmb79PixXpbF/U3OeKAQ/BfJXmp4JVw8VR5LwlVKtx4DMxFFACtiB51gQu3uM5Mb8pZv5PXtc2XvE+4U10xhaBRxqFH+/ZnxBIbwbDKOyDD+mYcRcgoDO7XawGRjU1wgfzuPvomcZl2mXkRt4Z6IU/8GOKgnF3/z1rXGEqGgkfGs3Q03Ng6/hYCGlrqyHOlHHMcJh0jl5/N9umjXHofu0M+IYKLxZm5UV6Giqr8URicIzr7kJEJAtNTg5zfEoQPukNSpIlskt2DmudMAqGnemVK14mnJRpQu5jZI1toFD5gq0zmV2rxWHsxJrHE1ld8Zzggao33bU1LCm6LpKlcJe5ABg7iCdQdeRqTLOB9TxyxFA+fI54UR9DU+xXkvs3iSdL/ey39+kkeKNP22Nwx5iAGPyGZEXf2wwyxh1dJ4EB5HpOo7/8t6PHPfLI1yq/Bdzj2adqi2bg70gGBQLnNNp/f3dLTKsMjjMKw85tU82Fia0cNouN7OOP/eoXZ0wA22qltcU0t6kSDpFS3roVqi9vYZWrfBbAn3ejRHuuKfa1bKFVy49UGiJutf4RT5Rvh+T93I3SM52CLdrOZONtAWsgxLaOkdqhec3ujpz22kVp4Xy4kAZRZa+AP69RRxdi3EQQqQKIOtTM2tSO+//5/E1giyBrer47yIQ1b18qKEefizv7ETPOYJqRv2EtA9XpEaSExfIwFl1LeyETIDqwJf/aSgh/WOsgLX6UJnuKq/LMIbH2uxj0ErKKHZHxnHdhImVV510Z6y15n7w7s9ASHkdgXRYFGLDNLcahdA9p26w652nSdyVJj/COdfazu5gXgiHJUsQ6d2FqZbWSK15ji14xmDDopflF7lidD8yHIDOmUWLfQVg12LquYKJGysdGQJS1KeQ/joVFrMFQ/TaQnXcvbAhg9c9AQdORnbM3rellObo29u9cI8ceFUUSm1/TU4ey7u2tN42t0TDyCf48HbYIspYuL1Hbsa270b3cp2P0yLYKMDzMm0yufgrCnHqAF/wGGFPah9NDrN2kIJgBBmlvtwwd0/jGTv0C8T/+sGJORwXouglupoK20IGiOZnM7AXdxMco8e4kNE0+J9JfjM4CmGABGU/patrbztpT/QlDvSYdTmrwoxMDzRdfXHwTyrLXF/Bv5Xz7gx/lGZBEamR7NXR/wIWQArLm2MNjLo1U4dx1i5UT84LorXjb4y+K40BJ10h9W04WNf9VQCPcm2HRaHWiJRyohGbxf8T1lWjyn7EZZyezMek58SRnClf0FRkrsE06kasMeTBi0LNZMWHCvMefOP0HcR7vS5Jqv+HBumVaBSKdSyLPVlA1KTVVzTi+EAHaZ2K8eGDuNiQ5cz0WPnB7dAQzVW4cBRBqQeKGJjRa9J82dwwMkres0s++uaCg8l/Db/IKUfN1znveocK29wToDvqNI5qVWLtibYSQYZlYPjbVPql5hYo5egCY9j5QESQjEtTTDvxqvKYG2lBN3zycM2EEhizhlkpwuHU3wRz8+eIOH9MIhrKP6wtkepv/+fLVrNiqPWIfNnBluw1P/0LdC9jrSYNEybcsxVu9BLduYeMzxKu22AG5hauSms9b1771UQL4sdsan24fIcTebkSeSCV3usdWyAekxcHNCjQsP5ixB7XmAF/qF2A5fFZD17j5B7fitM7wKUhhikP8vtH1S1UIe6NNShGRnneZhOzVfJByHeFUM4r6niM6bFU4FrMyN+7YgkUSDazogXOiIizjw8mVnYE5+ObfRSBNg+KCSQXw5mqe4OsdbCF6vLrVjhT23S9rGMRcmON7pBAPbkcfha9BGs2IN45xgVnrp5gHrLdP1wfBvbWOXvQXOrjeVF5ZxHNJW1wH2gVNu7ZfBw8eQrEnblfBYBSUR+ijZKBuvFl56rIqNZbcyI5/s3ouVXfAl/Z7vSfzvNZ9ZSHCfCMhwjJdLP7sI8TFqmWnOV/JpQrAN9OwGufid4ZXgQwJXIZhoZdKGAFKCJSUEv2LSGYRgbZByVnPIm4KbUGQfMHniSvS7sj27FpK424hR6X1wB/Tv3T8jeQZIUsCUBYu2PmpS7pgPcmn31t7mB23pRH7ohPxDRWEyUMUAmmTGuWh+gMaNlvvApyncYNHmxivwHG7ReaOjzi1Qzzyb69ceuWKV7spJMHDNsE840lPnGuqBD5f0MgSDVgpxBgfeSITPqXb+IWigpRs3VmeXT2rhixX7lg5bTkWHOExqFMdHkQXbcDAJOts0PqQwWhZsu07JqqhQyIPk8bm1iJGQNjjcjW1sOb2egMfnVCIWSrr9r4sE76F0osBHsFMG/EI0ZWWPGaXp8BOaCDrtgYK5J1o9k3wYqMkPtunDs82unCjBNjDBlZ07HJmo9MMxl1Zc5BDnCl1ge/3goUR3hwP5ig2Nvka9Q/ltIe/10t6oujdY23mow4pMOoayf3uc6kse1S415rCxEpr2aYRx1QH9Rxa7IW1NHc4bRHa6LhnIa+UiLHEMP+iDPBCsPgAfD9nkJ/l5SHI9C9MxCQ4Ezz4DNE0LLHd/sJNYqMbhA1jVBcatLYgMJKKJNYWUghm0b4QC01CO2Jdt0y2segMsWmj2+ilcjESWhgKHkWpRk5zCD0Bk212WSK795kZkGkR8jAnKfuPR0DaoLPZEV4fj1HUq0JASolTr2/aEbYJPdF18Zbgsz85/flBy/qV5Rr4jSYhmHFCHytT7SBagwuRwvO0QU2tjA6aMGznuJ4xWS/O7GJvHZfZKYRfikwfkMcU85if06LZ8AxaWCzGrgj2w6C4Coa1wNPD1DuS85Q9v1htcS8hcA/NUPjf9LQjwJKBoSGBESN1SnyIOAO7CKlhQAjqM6hzYmD+/BS9W1uNC7YzPQkwcqAlx0A9k8YTaib7fCPF71iEv6Uw3wnHMgbo7lo+iM1UOeAn+XTknnyLqdQR+O9aLkkQCkvM0qbgiSIFbYtjvKD4OvddCnARfM2K3id9zCF9u8zT6LzzS6KRB507vP2FGtHF15Dx+4XbehBLBLn8LZMZKI5RyeynpIvoJf3BxSNAIusBnwRODQFiQFnTNHGVn7k64XMBMcNwDtPdv7v7OvHtQA7OtDsw98fuEhZ3w2PSwSiWRitZASqxQeKL6ulg7NgP/n3ji0eXsBsjchAyiXH5hjj17VMRbNPjf5z16ufF+TglbE0jJfnBTw7/ylGbrbjLaGsEOdx7Zh5jE/5Nw3MpjiAxewKjbrFZe6kjcUAZhKHhgHSVk0qmTxYHWWNWyxaskxDeieJRbzd4coSYu9mtDPeo+tnp533xYb4vFR0HU=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:02:20,890 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:02:20,890 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150220Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_383c62e9876047a9ba70f08d63695926|infraio1c2.my.workfront.com/SAML2|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_94349da5ce56bed695aab4af7167a041|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0Ty/r2PJ3MBP2pLwK5zsH2JYO26ss1GkBebr89CHi86B2oWQ02Q1sPvkKxTJf2jyWsYYa32LPDrEe2uXiWJelBgLVjghMIQ3NFpbq1JMk7mEFxtuTQ/wCNN08vK/dxn7b7VJMw==|_134a63ead8be15c1d1a373dfe55a16c2|
2020-02-28 15:02:42,315 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:02:42,315 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:02:42,315 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@1744514462::identifier=rick, context=org.apache.velocity.VelocityContext@52962ae0]
2020-02-28 15:02:42,327 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@1744514462::identifier=rick, context=org.apache.velocity.VelocityContext@52962ae0]
2020-02-28 15:02:42,329 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:02:42,329 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:02:42,329 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session f4d08035f5a19909905566a277e594f842d8e6d396ffe727a370975d6f4a1d91 for principal rick
2020-02-28 15:02:42,330 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session f4d08035f5a19909905566a277e594f842d8e6d396ffe727a370975d6f4a1d91
2020-02-28 15:02:42,331 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:02:42,332 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a06bd4f'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:42,333 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:02:42,334 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:02:42,334 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hmcts-java.dev.kinlycloud.net'
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:42,535 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:02:48,153 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1582902167_d0fd
2020-02-28 15:02:48,153 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-02-28 15:02:48,154 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-02-28 15:02:48,154 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_489eeeb70d2793136af0bf22c8d1315a"
    IssueInstant="2020-02-28T15:02:47Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-02-28 15:02:48,159 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://services.sheerid.com/Shibboleth/UK' from origin source
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:48,159 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-02-28 15:02:48,159 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services.sheerid.com/Shibboleth/UK
2020-02-28 15:02:48,160 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_489eeeb70d2793136af0bf22c8d1315a', issue instant '2020-02-28T15:02:47.000Z', entityID 'https://services.sheerid.com/Shibboleth/UK'
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:48,160 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:48,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:48,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:48,167 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:48,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-02-28 15:02:48,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:48,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:48,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:48,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services.sheerid.com/Shibboleth/UK
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-02-28 15:02:48,168 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-02-28 15:02:48,168 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:48,177 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:48,178 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:48.178Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:48,178 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:48,178 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:48,178 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:48,179 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:48,255 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-02-28 15:02:48,255 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:48,255 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-02-28 15:02:48,820 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: cookie:1582902168_9d5b
2020-02-28 15:02:48,820 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-02-28 15:02:48,821 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-02-28 15:02:48,821 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://services.sheerid.com/Shibboleth.sso/SAML2/POST"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="1" ID="_40b6be19aae47fa895d4b704a1744e13"
    IssueInstant="2020-02-28T15:02:48Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://services.sheerid.com/Shibboleth/UK</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="1"/>
</samlp:AuthnRequest>

2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:48,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-02-28 15:02:48,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://services.sheerid.com/Shibboleth/UK
2020-02-28 15:02:48,823 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_40b6be19aae47fa895d4b704a1744e13', issue instant '2020-02-28T15:02:48.000Z', entityID 'https://services.sheerid.com/Shibboleth/UK'
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://services.sheerid.com/Shibboleth/UK' does not require AuthnRequests to be signed
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:48,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:48,824 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 6 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://services.sheerid.com/Shibboleth.sso/SAML2/POST using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:48,824 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:48,824 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:48,824 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-02-28 15:02:48,824 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:02:48,825 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-02-28 15:02:48,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:48,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:48,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:48,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:48,825 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://services.sheerid.com/Shibboleth/UK
2020-02-28 15:02:48,825 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-02-28 15:02:48,825 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#aes128-gcm
2020-02-28 15:02:48,825 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved key transport algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2009/xmlenc11#rsa-oaep
2020-02-28 15:02:48,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:48,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:48,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:48.826Z, isPassive=false, forceAuthn=true, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:48,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Retaining flow authn/Password, it supports forced authentication
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Potential authentication flows left after filtering: {authn/Password=AuthenticationFlowDescriptor{flowId=authn/Password, supportsPassive=true, supportsForcedAuthentication=true, lifetime=3600000, inactivityTimeout=1800000}}
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:48,827 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:48,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'SheerID Verification Services'
2020-02-28 15:02:48,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:48,893 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Student and Teacher Eligibility Verification Services for Global Brands
2020-02-28 15:02:56,778 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:02:56,778 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:02:56,778 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150256Z|https://hmcts-java.dev.kinlycloud.net/saml/metadata|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438176785}'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata]' as '["rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata"]'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a06bd4f'
2020-02-28 15:02:56,785 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:56,785 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:02:56,786 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:02:56,787 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f4072e5ee5e8b39009e1021fc4419282
2020-02-28 15:02:56,787 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f4072e5ee5e8b39009e1021fc4419282 to Response _283ae1bd52b653fa8709c98daa666911
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f4072e5ee5e8b39009e1021fc4419282
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:02:56,787 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:02:56,788 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:02:56,788 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:02:56,788 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:02:56,789 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:02:56,789 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxX9Ak+8/ilckyo8E27wXvSKJkiwY1nEWrYfTFSEVspTbIfOAm8xdWEqIpovwpZkR3+Y58ZgSBnwlJ0JRE0XTHZrvAadKRpXTWc/GPRuCl8UENz2q89qiuiWhcOx5/c5yE24S3PKt2a/gcio/OfgQLm8EGy+Ay/Q== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to a10a7hibi70604962h8igiecfd21f71
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8080/saml/SSO
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f4072e5ee5e8b39009e1021fc4419282
2020-02-28 15:02:56,789 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f4072e5ee5e8b39009e1021fc4419282 did not already contain Conditions, one was added
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:07:56.785Z, to Assertion _f4072e5ee5e8b39009e1021fc4419282
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f4072e5ee5e8b39009e1021fc4419282 already contained Conditions, nothing was done
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f4072e5ee5e8b39009e1021fc4419282 already contained Conditions, nothing was done
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://hmcts-java.dev.kinlycloud.net/saml/metadata as an Audience of the AudienceRestriction
2020-02-28 15:02:56,790 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f4072e5ee5e8b39009e1021fc4419282
2020-02-28 15:02:56,791 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://hmcts-java.dev.kinlycloud.net/saml/metadata to existing session f4d08035f5a19909905566a277e594f842d8e6d396ffe727a370975d6f4a1d91
2020-02-28 15:02:56,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://hmcts-java.dev.kinlycloud.net/saml/metadata in session f4d08035f5a19909905566a277e594f842d8e6d396ffe727a370975d6f4a1d91
2020-02-28 15:02:56,791 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:02:56,791 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://hmcts-java.dev.kinlycloud.net/saml/metadata and key AAdzZWNyZXQxX9Ak+8/ilckyo8E27wXvSKJkiwY1nEWrYfTFSEVspTbIfOAm8xdWEqIpovwpZkR3+Y58ZgSBnwlJ0JRE0XTHZrvAadKRpXTWc/GPRuCl8UENz2q89qiuiWhcOx5/c5yE24S3PKt2a/gcio/OfgQLm8EGy+Ay/Q==
2020-02-28 15:02:56,791 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:02:56,791 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:02:56,793 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f4072e5ee5e8b39009e1021fc4419282"
2020-02-28 15:02:56,793 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f4072e5ee5e8b39009e1021fc4419282 and Element was [saml2:Assertion: null]
2020-02-28 15:02:56,793 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f4072e5ee5e8b39009e1021fc4419282"
2020-02-28 15:02:56,793 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f4072e5ee5e8b39009e1021fc4419282 and Element was [saml2:Assertion: null]
2020-02-28 15:02:56,795 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_283ae1bd52b653fa8709c98daa666911"
    InResponseTo="a10a7hibi70604962h8igiecfd21f71"
    IssueInstant="2020-02-28T15:02:56.785Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f4072e5ee5e8b39009e1021fc4419282"
        IssueInstant="2020-02-28T15:02:56.785Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f4072e5ee5e8b39009e1021fc4419282">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>xb6cu3IsHQWYVEgTlXIQdF5jFAOFsIIP1/rqS+Ug1OA=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gLynjspoaMwtGNO3Ru6idkroaAPTEpcfsrBqBdkvp928O2lb6y0WzsPMWXuq0MuEWlk2n60tNhvzmaeBzdhqq2n/wKC35CiKmTynYvdVm1VqDO4CLUq5g7JHfvozPIo5efOpfz7OGb4NxugdH2viFJ6FOgfMw7oDUktDZADKFIIQ2hdWXt/LYBLvLVjdQzduwZUzW81cJybdpswPdJ26gpLQwMaw6sbFA1FlIqRdau1cedhaoYi7KGhRCfEkpy7gr351zrWQdKrMRXiv1xE4qpgRJEqU2id+LE1w79mUz6eloJqsENPzL3e5m8CAriZV8n9OYsADZKJOvHM0Qaxrkg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://hmcts-java.dev.kinlycloud.net/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxX9Ak+8/ilckyo8E27wXvSKJkiwY1nEWrYfTFSEVspTbIfOAm8xdWEqIpovwpZkR3+Y58ZgSBnwlJ0JRE0XTHZrvAadKRpXTWc/GPRuCl8UENz2q89qiuiWhcOx5/c5yE24S3PKt2a/gcio/OfgQLm8EGy+Ay/Q==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="a10a7hibi70604962h8igiecfd21f71"
                    NotOnOrAfter="2020-02-28T15:07:56.789Z" Recipient="http://localhost:8080/saml/SSO"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:02:56.785Z" NotOnOrAfter="2020-02-28T15:07:56.785Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://hmcts-java.dev.kinlycloud.net/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:02:42.329Z" SessionIndex="_5b81222cfc3c15f3173f4d1ec66249d6">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:02:56,797 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8080/saml/SSO
2020-02-28 15:02:56,797 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8080/saml/SSO
2020-02-28 15:02:56,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_283ae1bd52b653fa8709c98daa666911"
2020-02-28 15:02:56,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _283ae1bd52b653fa8709c98daa666911 and Element was [saml2p:Response: null]
2020-02-28 15:02:56,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_283ae1bd52b653fa8709c98daa666911"
2020-02-28 15:02:56,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _283ae1bd52b653fa8709c98daa666911 and Element was [saml2p:Response: null]
2020-02-28 15:02:56,799 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:02:56,799 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8080/saml/SSO' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8080&#x2f;saml&#x2f;SSO'
2020-02-28 15:02:56,799 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:02:56,801 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost:8080/saml/SSO"
    ID="_283ae1bd52b653fa8709c98daa666911"
    InResponseTo="a10a7hibi70604962h8igiecfd21f71"
    IssueInstant="2020-02-28T15:02:56.785Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_283ae1bd52b653fa8709c98daa666911">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>C5aGi3ZDeW4Y34L/9dbfNaaLgsqE0ad9yUTK+jLTBw8=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>RrludQwKFzzUASVsHg0WMIUUfY8KTeHvPw+JIrmjaR0gr/UgAph83cyOxygWF+KCPK/AiWqftm7QAgDFAi3yX0K3qXix4op2X2E+RiYVxoEkDM/Vi4MCdZ7Al+ZVCIFzVrBZby/ObZInjHS21FcnTVuKNC7upIWs43lcrnsI/lgTctkiZ1T8phemAFreeMMMwZiZ2jbiUSS4Kfjgoh1sD4sQmkm6eWKEwPNGJhTRrE5wFeHMRaZ8xnIKRaZa+y2dw5nmHgbiinwTpVkH8TGFhEeFXDwJmAbJY1YyndjDyyAizCBU+va4SaJldXx/P4houVXdHii8/FKBTTHx4KGdaQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_27b2388720d78d82f262be08d3c5023c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_1abafc261843be5765fa1e820b0cc2a3"
                    Recipient="https://hmcts-java.dev.kinlycloud.net/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Xs7lYBr03u0sszJf6zwHWpu1/0y0WyeoPh5phxFXNxTKUHokldskxbEC583a5DHscQL57Bmv7/BJFQiOUv4sLiPfgMMoNzbIN/sX0jXxNLfpow1Vr1sUo3PI8toZpDID8PzAz3p41sZ7J2fb3ji/6c+Q+MljzxvsMO2eRCfo4RxTVgtHgmEOR6iVNFlZgIJREpMIyaOHxNP4Q+zdN2kKaaPTqju4xb29h8sgi7TVQLgJCg4QD39gvOnMVdq8enbR8SwezJ4EePOUJ5IJ1W+lqGnt+1y4F9s+wtrJp0G4HVBbaWje0L6zHtnfGNCnBX1LoOg+gsY+tbIl7XPibVI63w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>zUcA6dIDOuZsbYWDoQb3ugBuHEpHRVeg3S9LWHaA1/dGr56hEQlvfiNphy3iByB5vs5fDOp2L4b5lu6JkoNAZtm7gfaP4Z5JzmUGf+Zhh6ffx9exe6JoEQwssTXjiY39bsbONa07kcXOqm1nreNfpHIUEki3gM7me3WTfKfIH0I0cM85xdgNfHHXYQmjM/6efq8w7Hq0VTuVVwJWh24qC40zd1bQdMpc38RZSCNTwjIoK4zdolVZVQQwck1YrUTS5Mxe2hBC21bJ8mABLEz+70TtaIZFdjb4Hf/g0DzL5n5dLMFgAAnuoZVIP/9qP7rT3rG/10O0maKyyHHT3etljFoBl8QuKn/Sqwhr6W4pR5wL7nKnHHuR0Ik0Jm/FEAuWeyKUmPhmnAnx1uf74qRN3ONT7eRs9s/Ce/ExQNcLur+5C4R3JYTUFZE6sxDkHesjO/0NoIYrVEmNHtZ/beMo2JUf3e5Fi0+3VWpgWuYaRC+YNwWjl6w4/s1axfrMvqcIse5nSXQNDFRddveiGNMMhqVYQsskl0ckgOQ9i4rcZBqrvqfXWKLeBYnpmEHyN/XdfaGfG+zIX8Th14PIG47jXx5SAnPKZGWV1sACYAng0bZ/nBVp1YA3gz87kZSRpmU7QsILxizwjNe0Vyl0w16w3N/vXwshY4hGTeL7OAXlb76UsobSJweEIAFu2zDsqz2HkbSdWLFQGVfEtWx1QzGwIf4UIrmyVW6y9sSBDomu7tYwa5oIQvZ8UgLO6dBMu0+hi2nwWZZx1NHb3oVwz0p50V4JBoadqfQceESIsIg/wj59u7HFyvY4Whg+STL5qcBeKXfdRZ5Vx31oRSEy4X/2nYWD+LP/gurNtLA99yVyKa45xXSzKj1iD743ZaKUQ6Wbj4CkYFF52op//7zNfx4pxK3321qNieRa/SGUUMFxBRNiyL0/3UxuQhnVdLo5smv+/H1cQBsLr/lLjiGiw4drrjyo7HLu5joOA3DzOLShaLDdBkKEeskQAQ/Fy6E7fryHSFPPX6SEWS9XAf2UrIRgnPiQCs9IIa+ZBrcwAyvyfHBGqDVmZnA8NLt05kBMN0XeH/2vtddT4nHWq83KLH1EvIR3zZkmUMtexd6IdTS0rlJtM+Z85v+wY7+8u0UiGCghC2A5BhAwEm7rF3rKtS+W7YJswZsxTNawf5iZEx2k3BLkMqxDDCDnqLsZ+QvQvYCMyuOpnCo86Dtu95SzQCaSdDMjOX77uLKAveXHj3kMH2e6oEvJQn07oLbQfDYmrCVoIDki42D977q06uUIRUeE1DZAwYtJxDGk6ZmUVi9dC1ugxpHlsEAcCN1fYl1hJ4guqccezhltJJ0iHfjAGGjZqCRHVACF9UGzMDsOJKfXI8ZTAiXlhtcCaLgxUehDFshSh0FRIvdalCMUy0ydKeHslJ2ytqh1TAspLq+nu+TInNz9WHO1HhuakDH5msVssmeu25945KGqNv+wvb4wJGLt4pG0Hoadn2bH9OIxwP7GTf2ILz9IHed9LDVLSbQGXNAneLUhYYPf9xzCBaBsfK/6vgIuenuyu22rUoTSQcfOl6j5uNB703c5hzHERNqbphNi4k3tZ/0OkPx7rcB9cEHRkjMCFvq/I32AVVxz6phoDn++OD4w4TYvXjtWcGv841h7wDPLGade9qIni64LzHV+SEcY1srcC0H7EqP6yY8R+Rir5HcaGpNg4q6/lrgy0CqWmW6GFgUTg+0ncvyUBXAW7fojptw6r39NGZ+egcdvlN1wIuQkH5vCQXJf7OhemDiEan8FJkCidBS9/2W14oRjhInCNB3JDNWGihB8Iyu1XWJk1pN3wIsQH9wnt49vr2tqLUALgsr/5/9SH8JwiJNhZF0bP0b2gD26ie2KNcfrHWoijJc6bVrOTb/hT0af60hoS9OmyOGtZg6AaROWzgSlo7LnDTYZh+DZFgpWAQEDYiSf+nF5r+bstfeS20RwLhsr9HdpgdAsixROvPmQ1MuFojwc0u1/wBN/2tHCUzrTuz3Uo8zWeAe3VOyWARitN9HNwT/b+B3Vg5gooc0kY27y+6Y5uoMh1tVTgeVkt6wesoJiYZ2uQOkc4fQZA3iSOhdYvvGnz6n0yJesGaJTcSnb3aYPRIXw1fXYdKXBxY6ZQFFipF92JdVb4UofN0ZW/b5dPC5dTUzG/v1GYa27f8RKDVAqt2cL8JwjleVJYia5Qsj//scFLxCkwQOKLFtOQyvZ6AZJPQ2V1k6mhSXbaxIND89xRlxGQSSeIuOWmcBqHMqWD/a7ZWzpGLVYcdS7hHd/7kBDqaGUDJ29VEvn7XiITbuQ3WmYTEgEf1rggLGpX9D2WKpOddtujDEJSwfPJZpgVOsvzwWDL12nB8EYrHIRnTsDwtXSea6ZPho8YncqimkRUrXUHJx1fLv+TJxkMMbwB60CXUx1BBsgseOCUtcyEqzdhglBEN9FRIjge1g42nhvSvRzR8Mb/fxXd5WY27oH6AH9pHnbiMtW1uvYhamlrHbcXFGV2v24Sj9nD+KJHk8jzMneKB4dl4K0dOwcliBMqQflVyNbEC9GS5CDgtt8XTPPbdYuFzLpy3m93ODPJLmFKJhpNTvV3wxx6IY6sKDob7DFOFIEPVZj0EQu2ymjrZcRN8jumixQVRUJLCrPqO7azEG60sSkpEaKQsCOAH+iieJ0eYjt5oXi2RlH1mJqVioTp51etRahuoyMYiKqt6lEbGLxGaVTzQ5KQZqXy1jhUJcTRnZ2PxSUe2MHuX9biGPafiV8L2/2c1efrpkSI0ZMEGAir9kDlkD1DZe+pwAvUPd/mVS1eEpkv7OIMrsEcGf8rx/gVtZ24nEe4CLfsPNV06c2+nHK56VriIRhcY0L+JgaeSeA3dNfvHyEvz2ahlBUYVVSs2eHPVh6Dbm/Uq2M7J8iumvObv66nfk6NEh1+imm0yA7bY4qJ6hPKEX/SSEBSMRXUl8/rjXB7VK7eNJwZxZMZcWdVcCzfbo+3B06wNTEsSz0/SuLLBWipJH8kZOEaSEwasdXuVXSmKtaWYjVc0NeouSNbJuQ9/OV4Qjhh4UfoMIPp5/ol27dKUTjDOUVzjDptMoMEg/3cDxbP+kwazoAchOnTE3nP8A0JPnQHzXne791r5Kw8KKkSje7ClbRY0E31pPVt9GK79KWA/uKLMPYjyuEMVHPuRf535qbiXcIaUGA1NU3FHEHjzE3la9hRPC6uZOkUWNTPJ9IyKIDfQVeN/0WYG4mwk1lMwNdjHmVSeB1JiX7zkfdcJZzO0BbQ9rQorlN5e3P9kqAO4vGmvjbmsTIB+s8wD4t3+LO1WkAcccgpbJU00k9iB0KTpv/B23ae4X3zGMw80ogI3twWEHmKlnltNp3Pw8MnyqJBqABAs0O1ung7BMO7q5GuPi0CWOlgAuyzQtlCpn7044cYOj+7GfLeyWbVz1okSfXVNf/QBx1kMJV1GiRb+UdFJ/e+P1+0JMbDAtpMwe4nI/Fu++2OYGKZlYkJAWJ0ks7FKhz8fyFyhBjLWRwBUj5cchtxry/6Q0PHTzr9Nwth2tTgONnuR9HtiItn3keR5JKBBmEBmb2a0D0gHGlZkyf4bm/rq5F0oHEUx3niVNR33swA8R94nyTnK+M86ztDBVVOAwBjFwRTKu9TuMWecSKm/MJv19K4icvoA4VlgVPtFN+B+4I4V3rPKevXV4Si7nulEHNdpdkinGTASYoGPOWtS+VlcT340QXrsS9PgdlDwky8wehyBS33Y4jREop8KU+2Zs7rpy1KAqrupOyBXffWLlwUL1odfSW5fN3gJyfR71YphS19G9MmTQE/OGiLur/jpDwlKSFTURkGS/ZJWL7dAgn4psFzn9zha+j+GVqzSL4w62OI9ahY/lp9ADkzvi8RkTxpdrVeo/10rLxCj62CyltKfVb0/tpuMdmWCgfTZuCLWqCreGeGH5nxAxYWvfaRdSF7ZAGr5fMk4g47i4AqRoQMga3oKuXTHCjAUJNhQm7mX3KaynrccBNcP9FrEVVYLaEbLs7NRqjbqhohm7z/WGiu8PCHGN32D5/ml8ZmAwVUrVXUk7iMCbcwp/lsheNLbvRy78YzWbRopWpiESTEwAn5nVVlCEMRccXc0E36wv6YlwQW86C97CNzJU4+na4NOuiei/YedFsen4WxrLqCW76I1x1Baa60lmhN/OWSRFmWutAa37chhdGCzsXZaPbzyS07i+3ejREM7HWOO2OKUGkrkDlzgtU3KOxnwKSMFf/yqHNVXYpuH2oInTimJR0d7PpPRTCIcuVK5hUQ6FDz88AJ1/dJdYLf2/XhFgbM5893hXTgsMmfth/2AuzEh3nee6PWA8QNs5r+KpTTArKUc7ur358/rVgVZZog7E0sxOZ4E7WdfFvPhuLAU+opFON7HzF3wa8Hc9IdmqhbdgfjQJPdmGlUup4VYY4F6EVXV01haJnYP0/9kds+NMzPZuNyCOTuhFgwHRniRaC1OJj9awckMrVVjkUrfmItKxu14bnZkiQHlQNHZaldqFISjJDMM7DJsVft7INbrf41/comk2L7IU5XH7HDLOGlRLwWOT/NDk225Ies75ks4/3QLIPYbg4cqPaRQNklVdPPgZ/u4U0JHoweKBGuKq84x5noQe0ksWVwlzA0K8l9LlyIV0/AtvHGcX8dMpndIG6GOVatLY60izI6ykk/cZ1neyQBah5N6eFHXzpfNa2jA4yPMlFaBWYyWbVf3gd6hPm2kDA9q8KvdR5VYRevwyiESIQNcQfMhE+grIF13JbxvoEs6N91IdrJHinkLfyI6uhuz/0qFjpFJojaT+vQIdQDnZVJpKGcF1B3an18ScA07Qh2UzehQjap0zXvXGpAhFF1yfVu1enw5BwSuPJHJW107QGgeo1+h8SBeZNGDvI1g7YpvS9jtczxqVT1jgTaM13sG4md3H6pVTz0BVzOs/HR/jdxhw1oaUmhzyLG2h1Vdve2/EYdIu8O3YaDb6UN/ncd+WPy4u5+Ue1a9fJfne63X7aaVZqegLHPhzU9W3rshhTdr+dRMeRUKj8zCsxNEX7Z6EY981oP7ZvvPKo8ZDXNsKPf9R6kZS7YxxSqATwQb8EaDkpMnHlOFEr0PY76thuovF+i0+LVn+NiOnC9GPpSx5l/ag/+z+hyTDerHXG/DaVfV03TSl3udFfKYV0nFGmfAtOC7ZSo8MhZRcWnMuBkKcUTlVYvfKE7KdaCL+MkBJDgX9ZjdFFMrTkzgJVGpywNJZdOVZDCEinorLHlX9i37+CN5e2z3w8kTo8agIcWrWg+wCY1x5dh1OLHBzPx3JgJrBJH6ASg5Bgtxg7fKaodwx3upAHAu5YSjJ2PVqPmdyGWxx2f/NgHekP6FdV4OizqftaSl5hdiul/ErbixgFh8nKtYDV5s2xPWNkk0eLcgyU9eI56vsWAge7LQK5RBRex9FD1EaNTYBkt2mss+NV1G2FuwZFWuBi2HG/b7FHHtzntP/xM6vBWFwh0Ts3SNFEzhk6m58gVKM+Jj2AHY/gtqtLFm9qdBg8YbI0tCeS6zXVecZNLSFQJeKWZE7H7kBnH/E7hAeZHoT9PbaiI+JlzjJP5uUZVoaPGpfejoZBChwZuG5M7XfRj1XPEENeEem7/xvUQEoEGXdFksMbVH+sgMSBaGIrJWkGWe5Eo7zVmn6QObQNO7WPiTuHkMoBBLny9q8WpmJ1vHvyNK+b7NMAKQlqrQeLJYQtSti/uNCC6GOlPxJce9ZEPHvQ/ScijLIh6x4kqb+YFpUyb1L7SGTV/41igk+IHGWKedwTbU8g/5JuYkldLPo0QnCVAXE5RdHWH0xHZ1E09HPojLNdEJjXAXgVZkBVaHrwYx+8QRhV16N3dzvtmXF24aMQd32lPyJcBuxVVqKO9YNOf12v/D4M78TBPj7VGQiLsoYLSwf4otA+6uB4NspL4d5WeExULGjkhxyvifnLonYP5m+wIcZPRpG5SeLBbdYYqedL84bhC2/Z4twRU+fXuyionJfKlIrrYQxErmv+SkK7HZeMtPl7OSwBn35BzeYTq5TkDfsI/uTVHd5smFZv6NezfqGpT0ZfLFqjJLe18kluokzD2JhythFgdLuZ2KhSxdu96w7s1MBcZIkGm3+XX/uMJd2YUodSwexC8QMva6sKyyqmlKw8H8G+Jgxc2+VUqyy+AX+ptK8QDvgpvAxsxutEeUT5jZVVaacPSyoS2gP/Ss+FBZZQeO+EBEvfTA0FfMnCqgu1i4By8AjDMolYOPlIfJlhTNua7qaZRjMvutn48hvDriACLoSAkAE16RPgNWATVn5pG7YqEh+3gtn8Q+TAxUGQKoopbmBGgjX8DQPOU0gyPCDNk8mZUSgR6dfpQ0pYC8j+2Wtk53LmmWREsa/mOAPhA6UzOhXWvEYJq318zb5DeO1JA0iaQx184tVyHizDeJFLdz3lAEk6RmRwEXiP8QFlOL689zTlowz2OvE8LRMv2Oz8hYReHJTalqbobLzY0Q3zsB/BECGBlXvJ4LPnqr4TnP1ScqWgD+z/iYLCePjDlSKtNupxe8Oj/qwBARAvcwxatfqGY4uSmrKy07NMkdxObUJoBqU+G+y4w8dfGFY6SlqVuIvYyRxU2mH7YNnUBjycRQDvSyOeAU8KzEeFYotP4ftpP2S5D2y36PVZxY/wA2GSj/eLpGmrfaGYvJLSM3AZoACrT7bc99td9uWVEL2fpAqSWLMIXvdrYb5uK8/2HM+9G5qi3rzT2LOc1ULZATvw2kSWbH7riNUDJXWGTpp8c9vZUEBibXUzjw8KDBE1g0z5Ufa47wjm1VwBPaBjVe28Wwm0uGQG5/lH6/zec8XN/YNoVy+QagDtQiDktPsGE1+yKd2oB8hopaELvY44iA8uZqSMVl/wBIeXWPMaGcG6QhlsprAGeQ3jhPvqQ4KBA33RoLlz0k+suQF63vISB6yaCggvuYhUw39BTWb/MybNenKKkeBL59OA7kW4LK6sVs0AMXi7JObDaFzq6oavJQMUuOjjY/jD4B/dAlVWXid4ESdRkedaRY+ilxAfALlnrNvcWReYZkdZnnE6+swzX7NCq7YcTRRc73wzTzMij0QNVSowMMRVqchyw10XBnc9voaouxFou43IvQpQFhlpiNjuJg01oHSmRzdL4uVq8g9+CDbYGz5CRPkDkt5XTUlFp6mX4Iqyr68tHKBo1gFSnnP27YZV2j20rbFgsRTDyrECKUsN8NvOg6rU9V5vOeSDmuhkDXbFGKy5Ei0w0JX3jEfeTMTYBnYElOnddQuQ8TImSOAF5dEQ/h3UyGt6Tsn13f6weCIqoKVQuQGtBFKreuJsVTXWV2aPDjolQxES6KLNUmvDaqRm/Anzqla22r9zNjaPtwKAfjAnAIUMeA9mIn2Sjg/yvA3mEMx6t2iP3qKp4acSZc1EycUK5s0+lRphv37Qa7YIOlfWeDDRLmWHywAL5S+VnK9rKgafxlqnKiISQkJjXtIrZm1yEMUENGCjNXzvWG3dkAfNIPPso9KOoOz6jDLYwFUNgFOYw/4oSgd58/o5PTlYctyRq2o1Ue1xdL4YqrtmeGaF3wDNx0/ekrfi55TtJdLKJex6oEfnITJ435SIVsLS/jQMwb2R2Y0cIp/oLD7u0j90RzYs/0Zjb9MMbw4tR67oRXZ2ItUG4qq7ppkNoWqMY09+nCm0Gsox7EWbRYUPdsqjPUcaO5mIVCQ3bcwLU/3J2gnpKAg9ajX9lbj9Rc7JpNngdWANCDVr9Tm6s9hfbOC8z1Vac4GRC3z6Ueem/ci39WXkT3KBwhjqPAEDZMqfILwnfTsEKaDzRQ4kMMkDTD/zIKRVh6659XszWusEQKP8PLNBRDruyak3ekIVKmuE+nxDRKr6EBYlEFB2dsiLAy+I88//KaBr8xdNcc7QtwfBpsmvLsSLp43XhfK6JYZs8FoSZ5Lbzd2Jo3QEKNUOmv8x3tvttR+BJFZXb5HDJIqc</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:02:56,801 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:02:56,801 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150256Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|a10a7hibi70604962h8igiecfd21f71|https://hmcts-java.dev.kinlycloud.net/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_283ae1bd52b653fa8709c98daa666911|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxX9Ak+8/ilckyo8E27wXvSKJkiwY1nEWrYfTFSEVspTbIfOAm8xdWEqIpovwpZkR3+Y58ZgSBnwlJ0JRE0XTHZrvAadKRpXTWc/GPRuCl8UENz2q89qiuiWhcOx5/c5yE24S3PKt2a/gcio/OfgQLm8EGy+Ay/Q==|_f4072e5ee5e8b39009e1021fc4419282|
2020-02-28 15:02:57,159 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15537-uJXLLAYGuHFlQA1zomX0UO7JbL9fTvqy
2020-02-28 15:02:57,159 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:02:57,159 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:02:57,159 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
    IsPassive="false" IssueInstant="2020-02-28T15:02:55.996Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>FLufsUd1xykyK2tNPPMBvtISnhTtszjjowH5iCMhorE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
KAoN1dpCdGqWfGVTsdNTXXCjitjxlL5jgjSh1JsCfLETEsrSLIQpevpD5rHQPGSGex+ZfLUN+EvI
KDGxprV8dReNgekGvWYktHO1CJqUwmkqqANdfy0b+Jk9WtzemW+WCnWaiqJEa2lchzkHuRTgvMi1
UzzEQLWIp7qPq39FUUt3HGimpyfelCzhTkT9hOjxKlTUh72Gfb1KirfA3sshvggo/zLPP8FL+kAo
I3n1+kJ9JuOzqd3fSpnW/cZk9PDll36N3OWBAdpRATp0M4l6tai/VZRofbfHyjFHMMI49lTWC8GN
4ff4Snhz3se9cW5VeJBJ2JAzGy4DYEqfL9N71w==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:02:57,161 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:02:57,161 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:02:57,161 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:02:57,161 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm', issue instant '2020-02-28T15:02:55.996Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:02:57,162 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:57,162 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:02:57,162 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:02:57,162 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:02:57,162 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
2020-02-28 15:02:57,163 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:02:57,163 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:02:57,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:02:57,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:02:57,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:02:57,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:02:57,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:57,164 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:02:57,164 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:02:57,165 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:02:57,166 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:02:57.166Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:02:57,166 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:02:57,166 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:02:57,166 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:02:57,167 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:02:57,347 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:02:57,347 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:02:57,347 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:01,015 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:03:01,016 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:03:01,016 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@571731161::identifier=rick, context=org.apache.velocity.VelocityContext@7713ee57]
2020-02-28 15:03:01,017 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@571731161::identifier=rick, context=org.apache.velocity.VelocityContext@7713ee57]
2020-02-28 15:03:01,019 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 0dffea4154d6b2d3931beb74fcea41d0d3457557db9fa11c64cb47d5cd901bb8 for principal rick
2020-02-28 15:03:01,019 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 0dffea4154d6b2d3931beb74fcea41d0d3457557db9fa11c64cb47d5cd901bb8
2020-02-28 15:03:01,020 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:03:01,021 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@392a1620'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:03:01,022 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:01,197 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:03:01,824 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:03:01,824 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:03:01,824 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150301Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438181831}'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@392a1620'
2020-02-28 15:03:01,831 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:01,831 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:03:01,833 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:03:01,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:03:01,833 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5f7af9c193b83bd9d0c92233db423b8e
2020-02-28 15:03:01,833 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5f7af9c193b83bd9d0c92233db423b8e to Response _7fac526885142210ca4e60bc161cd1a1
2020-02-28 15:03:01,833 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5f7af9c193b83bd9d0c92233db423b8e
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:03:01,834 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:03:01,835 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:03:01,835 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:03:01,835 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:03:01,835 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:03:01,835 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:03:01,835 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:03:01,835 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:01,835 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:01,836 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxMpr0d25yAADu33ioqMHZ21rGqFA869t1/76gDKvOX627ET9NBwdZlQHps67IbJcgM5quSRhbglNvvunuGBoj96Ea4D1LtNmTUgE4RezbtX+qJ0xsNjxXaNt1vn1a+mVpeFol3zlt7GyGFoWz2crVY9qjrnjsekM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:01,836 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:01,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:01,836 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5f7af9c193b83bd9d0c92233db423b8e
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5f7af9c193b83bd9d0c92233db423b8e did not already contain Conditions, one was added
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:08:01.831Z, to Assertion _5f7af9c193b83bd9d0c92233db423b8e
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5f7af9c193b83bd9d0c92233db423b8e already contained Conditions, nothing was done
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5f7af9c193b83bd9d0c92233db423b8e already contained Conditions, nothing was done
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:03:01,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5f7af9c193b83bd9d0c92233db423b8e
2020-02-28 15:03:01,838 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 0dffea4154d6b2d3931beb74fcea41d0d3457557db9fa11c64cb47d5cd901bb8
2020-02-28 15:03:01,838 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 0dffea4154d6b2d3931beb74fcea41d0d3457557db9fa11c64cb47d5cd901bb8
2020-02-28 15:03:01,838 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:03:01,838 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxMpr0d25yAADu33ioqMHZ21rGqFA869t1/76gDKvOX627ET9NBwdZlQHps67IbJcgM5quSRhbglNvvunuGBoj96Ea4D1LtNmTUgE4RezbtX+qJ0xsNjxXaNt1vn1a+mVpeFol3zlt7GyGFoWz2crVY9qjrnjsekM=
2020-02-28 15:03:01,838 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:03:01,839 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:03:01,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f7af9c193b83bd9d0c92233db423b8e"
2020-02-28 15:03:01,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f7af9c193b83bd9d0c92233db423b8e and Element was [saml2:Assertion: null]
2020-02-28 15:03:01,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5f7af9c193b83bd9d0c92233db423b8e"
2020-02-28 15:03:01,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5f7af9c193b83bd9d0c92233db423b8e and Element was [saml2:Assertion: null]
2020-02-28 15:03:01,843 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_7fac526885142210ca4e60bc161cd1a1"
    InResponseTo="_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
    IssueInstant="2020-02-28T15:03:01.831Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5f7af9c193b83bd9d0c92233db423b8e"
        IssueInstant="2020-02-28T15:03:01.831Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_5f7af9c193b83bd9d0c92233db423b8e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>teZ5Fu3JJT4rc1viuZHmn4VZ5Xn90nJxqgMdFz8diGKwDh+IekJmBPJmSB8uSJstSTTrUPEnKfK/Y+q5qrj4Ig==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>mIJpyCDbOtzCbguC7uaZjkM9hwBppYdLJGX40skjPv8IedukEmUcRzQ3Fa/9Ql7tpPjTkvM/F1VkiAfW6ooXu7UU82m8lBmFeDSPn/wN8XzP3MSqqhI4B+SB4TVDR+lH1retBQM8EhdefUMVuiitmyXH0X2LSv/1lomuJUX3j2UJUuNvMzLTRj8xvXuljt3mRZBBOOCpvRPdg6E0lqOYwY3+P2QS0zI/xlxqEUbpI0m4aPQA/ZJ+QWXcLmUbdDRhRLPWEn/48pzOZU7BDgi5BTeZIBFcwlHeEsgbAC9IyIxO7gdy1N4Rgd1rF+YAMHHdgspuTErNp0IY4zJmFqrRKA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxMpr0d25yAADu33ioqMHZ21rGqFA869t1/76gDKvOX627ET9NBwdZlQHps67IbJcgM5quSRhbglNvvunuGBoj96Ea4D1LtNmTUgE4RezbtX+qJ0xsNjxXaNt1vn1a+mVpeFol3zlt7GyGFoWz2crVY9qjrnjsekM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
                    NotOnOrAfter="2020-02-28T15:08:01.837Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:03:01.831Z" NotOnOrAfter="2020-02-28T15:08:01.831Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:03:01.019Z" SessionIndex="_4707f3f5a18e3b2d91b2095633079488">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:03:01,845 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:01,845 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:01,845 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7fac526885142210ca4e60bc161cd1a1"
2020-02-28 15:03:01,845 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7fac526885142210ca4e60bc161cd1a1 and Element was [saml2p:Response: null]
2020-02-28 15:03:01,845 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7fac526885142210ca4e60bc161cd1a1"
2020-02-28 15:03:01,845 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7fac526885142210ca4e60bc161cd1a1 and Element was [saml2p:Response: null]
2020-02-28 15:03:01,847 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:03:01,847 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:03:01,847 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:03:01,847 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15537-uJXLLAYGuHFlQA1zomX0UO7JbL9fTvqy', encoded as 'TST-15537-uJXLLAYGuHFlQA1zomX0UO7JbL9fTvqy'
2020-02-28 15:03:01,850 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_7fac526885142210ca4e60bc161cd1a1"
    InResponseTo="_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm"
    IssueInstant="2020-02-28T15:03:01.831Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_7fac526885142210ca4e60bc161cd1a1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>CTzOVMvX1a95EddzyJZPlO2TES8GAiVVNbjy40hek+M+Zw/ZvnASv1feAOPMIE5hdQCXbkHtUaNRY08DgY12hw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Ecz+G6S9ZN45NxGorKVhLedhb2Y1zNd7PTKZb76xCkBqmpKmg2v2uKcwyoM0JGYuZE8g/OZPLWRrH6rpm50MaelKHB39XYAprsoT50+y4oHjJtiNU0OFdvOA/Whl+yfmMN4A4vpflVxN32i1wa4lkO8E9TVpLbFsmb+czcEelwrUIw5KdOQ1VBnSQal10cBxdYi5Wcwxr+RW8CaHDe2CqiemrQXAZ4GMr3NZs/JwT+WCDN7KNzpwARz7msbNcXMoqEEqKztb+kGnEQzrw7/DaNUK9WprMzKl2Z6Xf+8rZvdboPyGT4892d3ObhX3QIT0jjJFbYmlu4Gc8HMvRA3C8g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_11065449293af42b3ad29a0187cdaabb"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_d6ddce4ca39872d5c18eef958b49e1c1"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>QdgkMso3/HF59JV8tm1uqDGlcaK0BpVz5skz2dA7gnXvPQse8k+nYdcIod0lHVEphRAXCM1XyXp4awAo2w2IW/GjZ/LtjYPC1vvi72GKkgIx2mDEmcd9w99rNezJWrQ3K6mG4s+m9ttylrv5L+3IF8wmhKkWcvclxZ6649B0tA9IKMAyq5pzZ21i5fvoQ2soWFda+UENCnaw9ntQdbEAjmY76UeC3NPhnvKrG9hfblsdgLeSF3qmGeHEYVNYSTJu74Bd489Xl+qFKNxzsOlHDW1oXDsyOJezO60qCFrae0pBc3Rh1o7o+gRmFsy+UveHug2uDsXGQzS+ktaxQcjplQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>c9sEviprBpwcv11YkLK0/JAwegKqIXJbrCygJtHhJOpO5A/LZhCaA8sBAr8aTVANLz09f0rQ6ABAEPQ+dfM8irVgzfRrs9EXzzK/JdiJuYfX0HMcg0FkWjSE8/3V21amB6b3mBJm1SDypHRaGs1ed7pVINVtTysR4fHYtKPUjlg0RaYX1l1NJGK5884eCFY0T5qtJV6A8cdDBZohn0xKtIxQ6DRFjOa7/0gzM60fn4c4v/jkaSoGYV9lwoEyTitwFFWYGN953+el/T+uJZSCjAwnsYTlrtbgSdSoUXD09UmyDzr6euZNZuZtQ5X9iXX7jb6muv8YaRY6Pi6CEA+buWqOfE98GpAInBwE2XhX63QoNwz8s9vS5HoEKluf8DGcrQ/g19l9z/iHjgh7ZV2nH+aKpIDis08I2BlpNOaQdU3AavIC7r5yfWV+D1UV0LIC51JIZKsngQ15bS+ABv7lnUY/ZQrWPHQMf/YViBV6ekZV3GLYmBmGw2TrkVNIPlS2EKtv2RkL8JHhkX6/LjOrRFi2w8sXTEmPM8XgL4OnO4yaETz/Yw3qZXF0FTnH7FV1T+Tybckl1XfkVrkVrJqrQTeIpdSahwcfH5z0ZXj0TP5mGaorNsZ37lHQv/jm7mYpf8Z1BoJ1ictG4n5Hxu7KUE1t+nLxd/LirvdJAIMIPn/4RLGKjiFzwuW56TQTyzMBi/3iZfjBMYHwS8DdneaP8rSqcBPqJAbDgFyi/ZufYzsj8CjG5gYvkW1IEqLj/Ehw8KR3ngmTikYLWD86cYTDTRHqurs7WP/bExrB7xj2dPU+S7JOcQy1qNt/LIyCknBTpwBUvsj0DUANHdrAtvPqpCbwbvzB1rzAsEC4d9L2E6IczgD+uCO0+qReYWYI4BAiDMxshbkaIDvBvnxTVhcK7wgXspURou3qvg0BeaNsSo5WLieeApWnvpNJgK7AN8lebuLcA+V0adnztGrfCZEcGAbQcsK5HBHCub+9lDYzdmXSSLcQx760JY6lkGVuohvxDiPf/n7/eshElDwYMLEUd/FmklyUfoEbeJ/fWpqA2x5t4PQKfouNRVFIHAdAEtK2NJMBmKNVAIJjx01P4nPyGURohE8AQtbr0pllpdfwL1aCziyjacxva/B6kdKeRHT9+NEp3P+TZ4Q5VzAPIC+tDvQhgAZyF8wMpRZ8PTNO/DNaaLZ7AYk0P1j9PlluGcBErTfgE5JOcvNgsJ9FWbtfukVZDZ0eBYcHhEp1vVw8Y7h8fLetgK9tyHmfwf2TV2o5e6XdKW9OR0itE6F2hNdfhdpgNpjT+w+tbtwWIG1nzNXfEwQUan248GTqCSbSd2BGu/Bh1T7gb8POAkNjT7xJAOXv/mrTLit5BmZ6PgQdKWeBgpCqF3NHrAYeuSvQrIa9SKqvMa4b7o5W7ta2fugXq0sLJZFXqvkTaJLet34LhoczaSS+lf+3lh4ppt4H4XPVMWLGijgR1PeYhtT/7z+KcfLqRhSWsehUn0gmarKoG8jrv8nm9idYoCXTH6Q68HmKccZv2ZkD+Ahe3YJTR1oSD1l1JYwLLqQYMs7yKFh+F7Knk0q0qqpdKnU5t3QaBuq6cjyV/OJzhi1Kg2IzGEgWAYPgv0mD235LyTZasEXkL+kOvYHsJ7Cinh0qRWygVRJyCv09fdTn5Eg4QT3eroxINdUH3uxLqTPC66gp5K4qUKfwV0HtWuwDaL40l7BVv7pwwQLBjILniuwMvKg5pSWwPd1EXjBOs2CAESAwLorCBi7unEUowaqnM6uDz8mhzgo5qAsVSt1r21e1WNZIYqBu7rL7VoNg2eoZqzx1bsCjTwdG696uCXzgRC4xXhm2Xyur0ZCheUPalHUBuaxyPRqbi99kUPQVfQXOoWGHTruwKWL1USXnDntteLA0CR022hIVlS+qd8UwYPQGdhqU2Gk7UyubSDl2noweU5kS9G6d3A6wmOL6HfFHg2eVaUHbza52xv6Z340GLmLTMz2Lcx418q/D/z21aZqu8okKNyzL+1wFuPZjdnDeFRK+MfTiVaykyeELsw91PqnDicOWwREv5aiIwA1lAolguCbk5ul+nSlsEK0rgJemburhahsT+HFd6EtNM7Ab3S193PWbAqTVDTvG4lfCVZIe2iEQZ7D0ArTBmz9Hm9B9HcGuGg31K9cFjdZXX5Bu00WoTIgeI0I1q+RTQl6/ImhFGjrB+7c2AueeXEpGn0B5y6snBKO6gaB6D0+hcHv1eLLZDvGzax1iSxEChsAaTcZ3hf0nFRSan2X944GxZ3H2Mnh3sdlBiKi/S08wsj7DArNowLJTBjJagY3hqv535FiSZsVLlYVvfp10+19CrTTnpoIhdJwhPbTpwTNHDao2qpwd5PUmGSQA4+oRtzb9745oLqcHHBaaTge3Hy1bNTGOoBqHBvEzqQ9PR8VRDEN1l9Ll2I5V/hGNXvrqwFHBuJi7UDXp/LfHoFWdSyTJzxNAWvrMiV0buB0jZaKMMYuio2nPZYXj4Dexy0llPW+F89C2GeuGCDfb7hQCxSM6otZbabf396cQn1EahQF9UZk3loinVRZLTBPnDwg/B3Tiu2dtvYgQeYBE9lWeTlgF4X0N2189ggXIZxMAvGxFNqL6wbGPvzk0HRe3P2S9L+sUqioFMzjYmmYcf2shSX3wilJxSHObP2cB+sUvacT/38tWuSBR9MCTFTJiU0ERlnYqgmTAIBtSTxFIitDku9mke1IOl0GSBWh2kJwioTiYwL6N+4aZeUStOh40e9P4hKnqNMoHkwQv17X9TA+JVzKnb0hO4I9yfZPRg7k/ETQ1l5XqQkKmRNwQw1sa7qPVQRCCLkCI/gLfHn6ruWpUnW6Zb9nKiemR/eHkbY1hslOdQSVBC7JVd77Q8woxcg5bhKutasRBGJ01QdVm64N6LCCm0eS15bXSB4vRzOQhpazp0pV8s5pDuYtF5nm8UOnVEz3OxgTkkMkJhxXC14vkb/jP/CvF0AEWesIPU1CZELT+Gq3GlsRjWk1VIjjW9mE+6Bvuy5uTBCoY+H+2mKM5aGYnGywR7h5xeHiUKCAkU9gbHL2MWKc/C9pPTzMNxi5u1FEpDbZbiGCf5c3UVhiCQlyGKlO5VOrS8mu468JOi3N9FcJ8BYJutq6eJDa/cISjpxM4QjpusdmZ4EOLlDQzCgU0fDPxdjziSs5/eVHcTtWKRR3m/GokMdYoRrmYWCyIwBFt95pjILICnSiDW7EOPCQHLy36TivyYzPfChHpUvFVQrxKpjYWx7aqiPuk6gsOoKtoQH4FXfZs87DGFl7rLJSQvSI2HEafE3wPHZR+olj1HbVkEmL7jcQHxSQdm0bASuVSRJHlfQmeobXyq9y3IgDGn2UFoLLXqH39+vPlv7zt0c2/AsZvVLsW4S3A8aOGf2m3HTy3QfTB86+29Azg2+JUv4WC7iEOwCSuvZx8L9lKW9vCi0b7OrMw7DgGGw17GpQdsYOOXsH4hZMFy80xoy4bE3i2IctvVV791WMkB3opMDejGY46uvVNpxR1uyIdKhRTjYbq/dsqSZ3PWgJ7TCS6KYmfuX7ou1iSFerpZv86JpZyTVc1wsd1E6kH4OARScLhfRTdUxg2ftNUoIywQsnHZ4IAHgupWt5/e5js6xfRqBdTis9ntDbEEZJEKzJ54CicB9gCi76DV3fXuHdcKFx/kvCuI3qCq79+qnG9mloewhaQHV5zCAmd2yCU6CMuqhMOeSetT5WcuIrD0RlceedeWmNF/yitesgqzu8xw55NYrGThjfPVEFvzEXBVi7C7Y+uBVYbN0tKz8qrWJDLfDSgj2KJAtrCA70BgDT2y1sEaI/AB7fedA8CL+2LBC3bdkKXQDB0PWepX8GpW5g05v8bBhHs3OQHqSp/qm9Jddei0T0EOCmnsfKz2Es8RhWLDCcunWC08ph+NVlHSSObu0vThBBcLRFRL35wOPSO4BFT86ttVKuDL0snehG7uYUWOrh6H8l06RW+vuMNLmDuDMl95nARi3+GK+ytk11+mJcE/wL6/ft34mlhExGx8BhhJUjvI53yNEfXLQaGZNR/uB2SFyjAIKN58UupOeE4Cwyqq+SUv35SxRZuAoe+0IFXCvWd9/LZM015JBDopcZ3tjkx0j23+W5B08dbq6oL/5am0FQ7A7PXVhYeBa/yvkjTrhOZveUBgOF+yboCf8yg9UsA1zMvTwyHpkm1pNDTJwOLwumTwfe0daPKDdnyGQpKdbhLS9ev7S02yvsbVLb+edh11lowObj3cwnvl9rOYGdwfLbhkM+qwFXUssbLYSaR0CEdbK+S7vVZzN588cMAATXSZ1aLhBwOQehLRKaMaiSE5AB5FHmAvP9yNXuOftz3BrJQ5ezyRhp1rboshzCUqWb+WWQ/uv8VMqoGwPn3HYxCHVy/itoOgAPqQtnRq5GK7jiaIaXui1nNEqjsxbj75Kfjl7eHkMG/j0VjnLs488igwD0ktpuBtB/FMxt4jMzRe0GOPNS5Gl/7e5/60/Ww3glxGjsx6RSvcvNpF4OS5EPVTDWesXNdH30WJHE8JEevSq8EHCkm3gkVqZkoPm2og5f/IpaDiHUQL0yle2GZ4B3Qgi+l/vASebeOdKYPhVpUaAZFyDn+OP9V4Ef05t5pAIBRaRS4VMtywJ8HdbEPcAGvMMYmaDDVX2XVrkUxlvrzadBa4/yANy38psPvYWcEwba1BLxTTIs2uGGk8BdgG32uIHpVNAN0a9PSe3Egk6ubEXzsnMAA1JPAJh8tVyEmWHoBPu2hKlJEXk93KJ8e4YRQaTzpbbxZx15hpyRBq0kRr3rBzVtXPnhBtYqiOUMqtmg+pSlACeuL6gK4UUFfXkdEAMYB3iOEKvlCKFfdF1pqn+3u7aBFSFyWl/+MN3ojtnuIkPXC7bnZrhmTHZI5fRKh/zLLhP548XkhWKr1XkZnoaU2xcGaeE5fFqN9LrmbzAhjnppGDHiy7aW8cI0br1Q907K1pt94c9ecnFS+VZ0hlKHwfFqc2XaBJ99LU4qFxQbOlTlyRwPkCaEDw5DMBche2IC1UTioDNUcdtoxzC92NkPiZP3sEbCkejqvJP5EzQnXxEa9oJxjgsyXqKxD0EYSlQ71Dw70AmZ1nJZY9IjOsvwjej3ZFGP9xb0fyhPnqt0e7XvWGEii3kySkzluqvp8XduJLdTMUeAoNog9oAxUD3yxq6j6sWYx5Ohyb9+r4CPqDmwAvG9VgJQ7UhVMVPGuQj/ECDGkW1D/ob6aXi25xV3/lROSUyEtN1gDJCwh7+YrNXYCyqY+2BF+G1avaVCYxYvixpeyfgV4Z+ccx46iSUoWFVNCqWAG+lgRef4QROiLc5QDIFy2L2giiSuv5SAh6bcVhrKE9RD/rJ1mPsqEzq1UFRkygolk23WeD6jNtAMMnrJfCR2QrV4WBBxoHGoK+ZNI9jYOxKsQ875/TJgQIJ00zoqnQF4XSvLXxD4qWojcyBvH5FRmPjLksioS06jvDgWBq6iURtwMZmDugPDYyxTDvR3H+hV+KFg64WLudz9AyqoElxIWLDc3e4gs4f7OGCRHnLvgmbpSdsPXmBxUz41CvJHKC4ogn8CMZcZJfVp/7wFCP6Kh+lPmO4dZBay+OnNetqmb0mwdWateocDlcfd84iw57h4m9WCr0Hoq4nhyv75tTzmkwQRWm8ZOob+qur3Z8gMxQ+qCTh3vnWJYCz8TcnW6a7SVM9SYcm5+3S7OfUWkF7Zleq8i1ERs8KKIdjVeEBPtVoq0i2tgpTLzPeusfvqgYDraoHMGcbrXpdEwW0sn/EflcJIKUo0v/RLu2eM244KP7wVEEz4gnymP/YjkDbnWvzWwCLZh0DBFGKpQHRBpKc4Nz/bphPTU8xlLsL1UA63vMOYIFPO2mbWvXxpoaBK7fYSwe7rYORDcJt1Dgz1CEpNHXTY4ESoxXCcKXRFn4U46jUo/yHZssC1W5xtPsxBLjeL4keUTBKvjp1eum6ETPpZUYIUcHu9rtzkBnDl4PU5okRV3pXPjPBYXsbnJVG3uXZle5CZGKVUVCtvzc9jnNfeD/DdJeROAAP2Z0i8XXu3UmJI0TCnwgn0mmPoJ8ewr7WuT32OtYOWbtgsNgHqxV+8RF66mRBoTjy6jIDo893HWjElmHA7w13Y41xDRwAjxloeLtZEHXhNoJRkuMZgMriOxsw16GtjPAI3RWh8zFszX7ptd2z2kqghmSEo9EzUTr2h3G9n+V5JLoLQiMcCJT5/dLIhS7yDpa8J2nr9/AloX9LYcoszgqlnNA89jHOsIEIxeq4nA3NfznuR1K29dfbhBbhZnqZNPtiVzM0F9esga/r2e1V7nHP3IpzH5CpHK8h3LXA/A+c9O4kAB83ahy0F8MAmsnqAOlcqo74o3xOsazXqCxGvbIq5ev8231qmta6rMP1BoyF4LDGZIhHteciWhyV23YuX/Li7ug3uXLiNLr9pZ5v7/wU+8Ot0r21dBrt873SZiSjIbC/+yxtnfJxfiqpJ9EdNd2maagchUo0LPbeHeuv9hqhWU6zOV/B/+ISMoHm7FdzSi36N6uO0/ck2jRt7bG5gLtGFrxzidE8et+zhEnRcxwsUW854yVrL1ojgQl+iAwXWICgi4RC2a9KKOxhjglPy+ex0Ts5BOZiKaDUAV5wE9GPHRHzUILFUcIQvNMPIH+574hjj/lKxZH2t1Jd6Hmfagr4X8h6xoOjk7JNIEDRWrEqVXBF/zmC0KnD4QMgwVv1NxjRUrf/V2qyTN0t5iGq7y8KVz17IuuhsHitzhFPDjiVqTVkq4NzlMnLYFS3YVWFN2woGSSN0cOzDU291/fpvPlt/9w4rh6Ns4utykknFN+Zy1RUuNMr7fwQD6wMujW5Aa9h0sTGx1xtLgEOT9dg7YH36L+0LCpG7+zILC9cj+upr+Hft63qfv2OD68lLQhKlWfy1/0M7AyM0xXI+KuJ90GW7+bc40ttcCKfdR1g4nOgLnB13esjdNmk+K+n5ectSKRMkY4Jw9ku709R5w85hEswMXP/N8ucNAy5YSx7MpHeThLmlE4nh8nRj1nI5JwQsUmvYSbWUfcV6bLIHbHrkQJSMnTc0qHOxKK5Q7vhNq2eetBX+OxqEQ6j8ZapLMgnM3u63JPksyjPUJUO13nj8pBkeYhTMP5u/RtiVoFrOdF92BUPRKmE/jdi8pD9/SXc/dJ9mikaEXBpq7/9MT/N+ecr93uGSUONJMNEv4uJBP6zB51wrhzednX2h/us+pDZBH+8WoVyB7eP29GnxqL/TWbGZ2PsC5xXUhm5Q1q6kb+u/McKmEMy3AbP6Te7f9jmu4SdjwlV+ukjU3+ykQOC1+1zUk+f4S1zIHegyhrXeMnhvYxfYc4jI4D2+WXnM8lqkbA5dNY8WeQ9fuPPYjHGyMgAOeW1iAZs+Is4wPWRTX44GX7UzdhZDcgv9GnfGsmmaFYaYVSAd3bALvXVxF8Blsn3aBnzbh7uneS5gN/5kxps4ywQ7HcdJZwqV0mSz4gzpK0mRWYUi/4ScTbyTgqdlqPFk2fOj/Tz+U2KGj4FHoKbv+9tt0YMhDealgjSwEFsJtSqOKn5usffpgYDLOySRk6jXrwKCo9L8q4x90x7S5n1O/BOKxJjyvh6Ig5MJn/ScXtuoLt7YFx8+jp6SKIU/UrXiAYVZfoi0NDlRbN56lEM1uyCbDFwzQ1zjMsRHR/55jqzuUbWlKsClUtVfbtgRGjgZTd52b9//3jHl3N9ua52Czf5xl9RYzKSozxoRA5AyKtbaD9SC26yyxbY3tNpjIZZn72ijiPkye/FUAkHGCTmOiwqjr1ntBtKT3ACHgveaL38hUVn3uHTZnTHLUnapKOHMAHEkgpnuaFcb10lkJ6aAyVEUDERwUzlrRpMXG0YS1gU+EWMBGESNgi4IvDWI3Th0GB9fS8FTvJpmnK/jV0w93tuVsWGpNj7TTiivxJQg9OwLHrWx/ZoEA0CATUODfTTIXkIgJNGRlZlENH7KJ8M33emU6jOx727YWEWytmL3lih0fFWYSw350tbdcbnR7aBD9Cbcj8xTN5R8N0Hh8nwUk8q5Ak+5+S+Tc5m0S6F4qIypPcfTith+DnR2yf+mR</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:03:01,850 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:03:01,850 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150301Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2luladfo77mso5nlonrfpjfvhkw2kjrjvlamibm|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_7fac526885142210ca4e60bc161cd1a1|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxMpr0d25yAADu33ioqMHZ21rGqFA869t1/76gDKvOX627ET9NBwdZlQHps67IbJcgM5quSRhbglNvvunuGBoj96Ea4D1LtNmTUgE4RezbtX+qJ0xsNjxXaNt1vn1a+mVpeFol3zlt7GyGFoWz2crVY9qjrnjsekM=|_5f7af9c193b83bd9d0c92233db423b8e|
2020-02-28 15:03:19,036 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15541-B5RukF3ybrgabYxOrcn-wbrTI9NoOSPN
2020-02-28 15:03:19,036 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:03:19,037 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:03:19,037 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
    IsPassive="false" IssueInstant="2020-02-28T15:03:18.330Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_63ponfymcv3qpilkdeno504tf60bbfmhrez298r">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>JpD4DPrfEKUM0hptQA5FsU4YEhG619P652b2Lyi2veY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fncAH0ugKgGrsD8HGB9xD1cOXldU84dsGqysb18jgfqcTUt5Jp7ImAcR4pqDOnJ7B0yznt9TABZt
Etj6PVILJ7288kBa6ymne5SfwdJwakS63H9fENfHxtthwsGmoNhYDNMknP3bS1uVb414oaNz6Fg4
0ZUpIS4vfQ7u+B7KtzCvoJytKE+9INcoR3obpoKSDxSg2xppYd5UVBWlkjaIIBnFPMrANmDXf8A8
hQEc9RNRSq8qJb7Szk6dQw1Jg8eS0JSTtr19+7VrfrzLrn7PhoqIe7zXcRyx74X645JHn0e8wgEJ
TT95OpZLZ6zhwXMYdWh7is5vUDkP0V4d8zJ2yg==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:03:19,042 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:03:19,043 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:03:19,043 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:19,043 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_63ponfymcv3qpilkdeno504tf60bbfmhrez298r', issue instant '2020-02-28T15:03:18.330Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:19,044 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-02-28 15:03:19,044 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:03:19,044 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:03:19,044 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:03:19,044 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _63ponfymcv3qpilkdeno504tf60bbfmhrez298r and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _63ponfymcv3qpilkdeno504tf60bbfmhrez298r and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
2020-02-28 15:03:19,047 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:03:19,047 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:03:19,048 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:03:19,048 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:03:19,048 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:19,048 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:03:19,049 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:19,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:03:19,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:03:19,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:03:19,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:03:19,049 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:19,049 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-02-28 15:03:19,049 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:19,049 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:19,049 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:03:19,053 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:03:19,059 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:03:19.059Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:03:19,059 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:03:19,059 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:03:19,059 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:03:19,059 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:03:19,062 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:03:19,233 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:03:19,233 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:19,233 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:21,176 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:03:21,176 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:03:21,176 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@726229537::identifier=rick, context=org.apache.velocity.VelocityContext@706eb52f]
2020-02-28 15:03:21,177 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@726229537::identifier=rick, context=org.apache.velocity.VelocityContext@706eb52f]
2020-02-28 15:03:21,178 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:03:21,178 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:03:21,178 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3d7fa34b3be066e813865f2eaca8bf6c9fb13b1adc10db4c2c58f7e1bb05e7ac for principal rick
2020-02-28 15:03:21,179 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3d7fa34b3be066e813865f2eaca8bf6c9fb13b1adc10db4c2c58f7e1bb05e7ac
2020-02-28 15:03:21,180 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:03:21,181 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4a18696f'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:03:21,182 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:21,352 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:03:21,872 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150321Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438201872}'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4a18696f'
2020-02-28 15:03:21,872 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:21,873 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:03:21,874 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:03:21,874 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:03:21,874 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0
2020-02-28 15:03:21,874 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0 to Response _23045faef8df6ef7b20ab382fa850f2f
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:03:21,875 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:03:21,876 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:03:21,876 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:03:21,876 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:03:21,877 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:03:21,877 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxzttgYhu3V3mtL2DvhfdTxUCMIU8Pr1l5+S6FeiC6nZQNytsNEsaAj3WaaA0ry1+AsMMvUwo2baGRN1DCcy5DdEIvBXdgnOSoHtHKHGDzw5IeUsyGD6p1RB62AQPYtcqTjw0+fXV0RVYnpQyGimNsDFF5Heg63Fk= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _63ponfymcv3qpilkdeno504tf60bbfmhrez298r
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0 did not already contain Conditions, one was added
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:08:21.873Z, to Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0 already contained Conditions, nothing was done
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0 already contained Conditions, nothing was done
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:03:21,877 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _33af8e3e23f1d8cc2147aa7c9e2af4f0
2020-02-28 15:03:21,878 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3d7fa34b3be066e813865f2eaca8bf6c9fb13b1adc10db4c2c58f7e1bb05e7ac
2020-02-28 15:03:21,879 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3d7fa34b3be066e813865f2eaca8bf6c9fb13b1adc10db4c2c58f7e1bb05e7ac
2020-02-28 15:03:21,879 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:03:21,879 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxzttgYhu3V3mtL2DvhfdTxUCMIU8Pr1l5+S6FeiC6nZQNytsNEsaAj3WaaA0ry1+AsMMvUwo2baGRN1DCcy5DdEIvBXdgnOSoHtHKHGDzw5IeUsyGD6p1RB62AQPYtcqTjw0+fXV0RVYnpQyGimNsDFF5Heg63Fk=
2020-02-28 15:03:21,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:03:21,879 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:03:21,880 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_33af8e3e23f1d8cc2147aa7c9e2af4f0"
2020-02-28 15:03:21,880 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _33af8e3e23f1d8cc2147aa7c9e2af4f0 and Element was [saml2:Assertion: null]
2020-02-28 15:03:21,880 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_33af8e3e23f1d8cc2147aa7c9e2af4f0"
2020-02-28 15:03:21,880 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _33af8e3e23f1d8cc2147aa7c9e2af4f0 and Element was [saml2:Assertion: null]
2020-02-28 15:03:21,882 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_23045faef8df6ef7b20ab382fa850f2f"
    InResponseTo="_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
    IssueInstant="2020-02-28T15:03:21.873Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_33af8e3e23f1d8cc2147aa7c9e2af4f0"
        IssueInstant="2020-02-28T15:03:21.873Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_33af8e3e23f1d8cc2147aa7c9e2af4f0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>FqqqX9VHL7F5ROw7fy1Q3DdhESjFdxqrrr38yoAEdEsaoEMcug03znS8i0HiF0cr5tkXWezXserrkFb9PQAscw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Y7XKiPvRKPx9Am3Y+UabU5PIa7rJIva8Nvf2q0x7HGCfWv6k+NnumIb2jzTdZeCBiiOZpkuayV106ZhuoYks8Zir9YN/vRChXGBwjxX0gpIUUXaYHV/VXYOVgBAcLcUeEN/P2tgIJJC0Oysbyqfr5qMrDFptGe1KLH7nZCV46vtwcv+Ext/lWC+5rjwAmJCYpqNBXVXN8hx/zyNwAXTB/ltaoX62nElJgqIAk1xoy7cp+E+jVougCoUwbgLOEchI/orS8PUQ1LQayW4yUB0DRMT5ytJ9kYvprus++RzLARh7gXO8IFrIjxatgf9KXkvZKO8zRTZrqsfbmy62csmnsA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxzttgYhu3V3mtL2DvhfdTxUCMIU8Pr1l5+S6FeiC6nZQNytsNEsaAj3WaaA0ry1+AsMMvUwo2baGRN1DCcy5DdEIvBXdgnOSoHtHKHGDzw5IeUsyGD6p1RB62AQPYtcqTjw0+fXV0RVYnpQyGimNsDFF5Heg63Fk=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
                    NotOnOrAfter="2020-02-28T15:08:21.877Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:03:21.873Z" NotOnOrAfter="2020-02-28T15:08:21.873Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:03:21.178Z" SessionIndex="_79808b5757595fd739a3145037b0bcb0">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:03:21,884 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:21,884 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:21,884 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_23045faef8df6ef7b20ab382fa850f2f"
2020-02-28 15:03:21,884 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _23045faef8df6ef7b20ab382fa850f2f and Element was [saml2p:Response: null]
2020-02-28 15:03:21,884 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_23045faef8df6ef7b20ab382fa850f2f"
2020-02-28 15:03:21,884 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _23045faef8df6ef7b20ab382fa850f2f and Element was [saml2p:Response: null]
2020-02-28 15:03:21,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:03:21,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:03:21,886 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:03:21,887 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15541-B5RukF3ybrgabYxOrcn-wbrTI9NoOSPN', encoded as 'TST-15541-B5RukF3ybrgabYxOrcn-wbrTI9NoOSPN'
2020-02-28 15:03:21,895 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_23045faef8df6ef7b20ab382fa850f2f"
    InResponseTo="_63ponfymcv3qpilkdeno504tf60bbfmhrez298r"
    IssueInstant="2020-02-28T15:03:21.873Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_23045faef8df6ef7b20ab382fa850f2f">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>u2/h5FkTRPUCY1t15bBrBLCABYP06uybq2t1b3quUnN7H3dRf09Y40tgQ8m5jaJ9CqrNdncQ0fbtI50ZaoOGwA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>SGwuUnYYSCCOpdQMkGrERrhewUMGjt0QrauR+EFc6nS3C61K0lqn0LPLhPUD5NMW9A+AjH6KYTNruPAXdCJIFz0Rdx1opzhwd3BMu+P74NXRel6eESUW4dfNsbPyNDHeligCeXpDMVra1NB4v2k2AVmMIb32UrzBusaqbhPffk7C1EOFn+byRQUf4jrJ+UkITKsDoQ9vklKU5nlunjM/Jjat7s4yFeOJr+VZcaq/0nUKn9cQNUBQIeRSdbuTVd+E5KPvzuczuSGpFYi7FkH3CYALE0uvZ4ntLV8nSNx6fuUAg480B2Af9BZKE/yL5/YqeiWItQeSv9tDlQl83llaRA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_521a00d5fd36ff31ca60dd1eee127691"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_be1e1ab74540317d6b02ed96aae0fe6e"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>FOdvoyNwvgqWBxmcBNeCI/ztyW+dTAhUnlwFMnzYDJIi/mNxtcrsyrATNOwXqIQ/VsogdeK/j9HUYLizqReeIKJAV51+JB1rxVri/AZrsbroLWv3JmFxk8lH34tqy39PHLo9AO1tMlZfx7hz/RBcsLfGMTjU618dvmnmOXbVirkx+Jyu4akHqWVxQni/kwj/giXhpKsmrKjaV7DLT5pGfr3PADvj6aVDw55yRZqo5P3qr2Dm1laIlx8767qmmSBe9X2blRMmM8t0xn0rKemGHN6ndjLqFD3YFSX8rVGkpTcy6OyKyNMsW4cdXvo//Kr8EI50fzLYWjb3nGxilVuhZA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>KlIiS0HJZEJbcJl4uDJDh6tir9QK4n7YfDWDwO8PxTfcAshyNTzH+yB2GyyA/8+ln0WQCrnOnVsj/lvTCQ5tJMPd9Q82/L7NAeqGKvCX3/fOAafXr3MBsjMxI4TpOtbG/Zul805pBG805Ww1fMGbPlOZhPm41a4Jyw9QfwSTbx4fA7krEl7Fb/t6sM24JeYFIB1aOUAHbh/HYPZftSoJnpKZE8S4FWlZEUdIoNSrlJafhI+4ymKxhgqgosSfTSD1GJUP9A9bxEflyz7/EWsZmrPvA0haPMzoFA6BZeOONf7+T2Er1tZWx7jTNQrqB9UjuASG4DPjgCj67QpiU3Wljwm1o1c70k/GUBbXvgEYVvZtERu7vxR8lmTsq2s3U80h0PXV/JD92b04cfooesQrV+cAkG2+GcZIGUzZUbqCurbF49m/SbfeTaEfF1roycEdjDhBfkGzvh01lmtCwkmnZu+c7V0ZIKgC4tG4tRkAQYbIqoWvplVtMvjR0A9SJxSNzZCSLokO6xLEBm1k8+ttwMlAkquZPktoyHTUGP1oafHmUIBNCAcQdd1BWpIuDByJYQUkLL53zmO0Fi12RDtATGWYhtaAwmj+kQa5sVsOdX0AqW+8/Q8yM6io6KrnWmSPexkimEOUQmHyjYDI8EXD3OUeTqBGRjFbyBUyTR+huW6+YiYPp297pc3mySjy2fmBMQKrBRMEhSc+QOnBFUgWSDN3HX5rhZgXByAQ8j5LiLyo+hiARxHLOhY0U3dMEDF4KBs4oGty1eYJdUV2+o5unk0AWLhs8LIvXS5xuLNxCsITxKzh4ETltVZbg0zkg14s7G24LfoH8QxdkPtJA3b4pMV6FVwwUmGz22nrJILOANUk0miB6vI6gZL93MrtV+lbVhscyjiudz8jqkiHtoBJOr9M2JU+m2OR43HGFlnTi7zhpmq3g4bHCVmWDCIE3Jyj/YxcNuWUbxv2N7P8zTHTVgctRGMrSCea1tWtoci0w6L7kHsXglJf15LLhoMiQtDFo13PxiqO5BHBUvBcvgyXN1r89KXTgt801Guo1DHkqvGhVG3phi8R7wbG+YOXU4drwwIje5RzHmh18a4i2RUpsHdbiJkPSyHz0HrS1zKGA1ZT4JnfdpPKnyzBbzOf1kozpXuVBT2OFJWlUXdktYMqcKpdiCBR1nXUpwc89r3UUjiJpJQnLJjhZavyBM+fId7Zfn7jvI5FaqyF5QP3Ix4cBz1T9UXeV/4vjlGYK+CywIxvDqFo4FqBsa3esC0YXvsK/kDBIXkyLVYjUsMMpj5E5KW+ByTka3b9Ya0QX3Q7IvL+M7uJIb9m+tl1n5D+6/Zol9K6PTbSCDPZvd49S46nvvjBvBd5+asQVyF2iePs8GNjWDBH1/TK/ny9hQyGzBWHNu/8/Vd1xGEFNR5YKTJH54dFlqKe2GB+ubifnF3FpXdx3VGH9mJhVdKy+JF1XA5zCVrjTsnE7ckykvyVNceiu7d7tbe1z5e1e+hYhGwsknsNfkxLL88/CdzvoaoO5t6RFVu9jhLjb+B3XRBz8oisZeM0kXUwwEJ+WzYRKC5bMKJkQ7y19pdkBF7Q/JZnIO+zfS+bSOhefSNoJS41OFufuErRem6yib01ueHDAfJfE79/M/75cIzVSHBePOstSDoTivP1C1m3RJirk8GOsodKTSC3Jsp0GxypCb2DKjRw4KxmYsQ+hFUdlbvz6RdkIJb+1qMJSjFhIEjbRga4IYvOxg4Sip/5NOCxEXXPO2vjWBrdf9SlG7DacCSY1yBkggyNhKhjpLl2sxqoatBzU8X4d3smbg6s0rczxfFLqYxmDc2FzTIwMsdHPW52P87ReHt6Oe2TkEfRsx2tVZLtc9Pazuy8AHqBKJ2V1Tyoz9eG0J9bBBlAYwGD3AjTWARM43+P5gWZtT8+axtmqV+IUTCuD/9CyFW8tm8K8YvjFJW7Y6hG3CERHpdFYQ+7Z4GwcHpZVvBSvMXFWtGkn12UIs0ujtSIHHxp9i0T1XHOJnNW1YE8MZdowVA42nKjxdQbYQWeh7LS5Ui06wazhiAE3028P///GYyetlTT8M1MDNeKKEVmCovkbPW29gly2xFLZtBWO+qEMZDnEWN1Pg7+JWuGzZSqNJOzJMJciSTmsuLaPvpvtkEkFC7qdUOzrsfn5zydGoL5yw/cgiJn1LcmHgP4Hl5fite/8reziCoI4MTXd8eAYNUdfl3wriCRCT1nN8NFEFxMrFd5HsY2G6jrMeOWCw4UOyQIjOkdOCRB6x9m1NssYsle4s1O66BHqCJTLzEF9oGIK4trM/6fnFSkvkK5msJygAFhXYigsiKbLh8aB95KxSPw+uSeZvMkGOCUqfCReTVKI4K4zOJYXw5M4/0TkAsBbPoGgVb5BZgmI+gN8KcvyfUocJ5y6iOCRQXZ5vGW3c7f6Npfx9yS3TcSU6X6lobIhPFFBbqBFRnf3qrcQOn2ucay+Il4/DsxEto5tly4zSToxDnVjzJnA9Wie3JNbzG8D7msZVZB4EUCo0H40XKtYMDZmqJvQci6zLBL/Leviwh0jEa2aXbWt2k1JjXgrlr4e82qTnoKIL9M7znUqkT+/7peHw1vUE/1cIvfiCC5Sdez0ugK/mYqwoxTSOoPOql/1x4Fk8nS0PigzST//CnfvNXDiDVlTAZ8FbGMyLfFb69/EhzF2xHhdXehfLeWJFppWabvsYsVUEFZzMVik/Px1PphRyTBLxztC+rHdL86DTPCMdZvZph7tK8Y7hDLs0vKNMjYNa1hMusatirEmzuGRTXJMvc2c3juDQattT4qwE2EVmMysGCG7mVjAfXJwO3BP5TI1ltASHtdiPdwR8+qq9zvDtt2RIC+Tj3m+JXs+Cjq7rXmziOVN7XAy97SkdxI3SYhPc17dES1BTflWl1eS/ECB+jngJECbKBet1B/l7BqeUGL+J+65k7B/lMn2Vn87vZMHVN1JrkteFR7ullDCOWo0qZ6UmjdHLiyzbqURUdrz6s1aMDHqWLEsCIySHXFNh9pKFrjVosNJ2TmsuMPO94RiLK4aCqRJJtEHq1CRG/EInI7w5N4xkUoeVxPFwZEMj8rdkDKIq/UDUZGO0qmcupMF2G6+sKOQ9qPBJkI5NxGxMLRNMQ2ovNrzsZeFqh2rVkYDUnzhptEW+HhP5iykTGKOHCgBtTZBt3Cw0jhWyicrWE6StfcYLNLZ9ST5IlCnFDo+dRenL4i9XLQQ3nieFQDcEyuRitjf7LbCTwev38MGIFSDUhF7YIi1dkgAqzsRlLHjyyHUyP4/gs9SYSsNfCHbLUJRUBQTMtXFYJRCjpTJWut08SJfnOrDnZ8pxeyZAKJ2HDYpkQj//OOwu0kLax+Pa2/9k//jxfxsq3X66/BoqCQI5qFjlmqqKnoHx89AJd5Tfmq7ViDfx/smUZnPCJB9tgFeCNpY3lrrk8yvUixvD4R6wj57emLZu5wCmj5AbRGD4I3EUT7JClvQNWk7vtlUy+6my8ztjuaDdeD8mHlSQwMBbg2cU9x+Ps6pHOzS/mW/Ga2jw9VkPS+gqNdZlHvHGbBY1W5O4cbww/BQ6eSI6MfUb/b/iDj6w8FI9q+9o7+Nr9OBCxBgIHKL2J17kNgnyIPfybO6pNXQJaNeTgIDWy9UkRV1n+8FWezSFW0pFYo+6a1Mj9Z5wNmH/QUd9/QLy79ACGjfWmdIjOprcAphFnD8ztNrW2cXFXFsnTA9HffB8Vjs1a8uh2OYhNpMc4vZEJFvoxXI6wv72FL9lv3v9Kvk0BbI6dKuCn46m8G6Ns6jXnv1m3pTlVpysPDq0xsjP0IER8YDlvpdGCprPjZaKPZUxnct2BCvELwluKlpipks3KWDXu1ogrNHPOXS/JmoJHNZbZ96hqf9nrcWhv3eAJoleAkkfln9cMyW2tA/3vmeNJUoJppKVdpKH15pJYTtUEyMfaYw3f12NQvvVexefc4JKLLQfjEl9meAM8nxBwadESPHflTLKcXSKrHEHxLAQsmVQLfzAwzwatJjBNVIkhWDZXsOI22Cln/Oto0k2F8wBjVfl60xSsow+p5+0RTOmFhL4wGPegLs0d3A38WMYoEoFJmBZfeaDflsIVRqQepqMWdJ6t+bVWeQMVtvlfu0UhXjnXwclvXzt1vbaXLK2X1win6Cr/l/q3WWCTeVWGX2p+gjYloyntbnfE/GF2FgQY5R7+V6EZjO9hSHofx/97xKjGsuhGs9pZ2VhsGpahPGAIOp3ttduYtuS14b5Lmp9LziVsRLnYv65QmYoMdsncMT1Q6NnuHfVbbGQ6QXpcQJxUTc9ZaLX4snC2YgISZZOmQh6vvaWi6zAz0qXF1eKq9arco0pnr+7rmZdLwmAfPS6vxgoeggXcaYW5OvRTz5hUoPeEXKJT2rl2xZW9imZDDze2vS6M8CHGMhykS/a2/zoMLrLVTYfT6RIouA+yU2vX+CbifIaqiOCzxuORtb07/dH+yTGO66JxXe960EtGLX1L3XNYOm46Oa2m0UwcavJICzwBgl8m055Ny9STOKJm3Q0GNWcsSgsxusWhJvxK6hj3RM7mMS6D04toVxZXkshrIbil3yeAureGmLNXQrmXqPGxJnUm2ONNu05/d+KsEJjpmscT98630iCBV6Z9IQqRXz14Q5W86OedoR0SV9agT4MeWw+vB0EOe8HZH1rSjS+ji/kKL31rz6p9vbpun33vT/e+33swUKuRnAtgjXzw6AHSXL1CQlQBLh8i40fWJ5UoGEcwSMRGTCwjP2jVFo8fzOI+0Sw7BYfqR1vRMhmATEiYIWDGnx0Om4X2Ju96r+UhBOjQKPaMxU7xJZKMKe604nyzKw0WoBsLMf6qqXbIRfRHABqcWmsFYMu3pUZqrgtM5SIXqT6TdNGJ1hPuY09XFO2vE9Nkw21x1qpVzZyXfNeEXBJ9LY3XhucVozjfzzTqrMrD5Co9FxK/zM8XeXoojg2eD72J9zAaNPi7Lg5LlFc/MAJzgw1zaSLg+IT1AnG0PLsNdmGGWG9CVb1If5B3LwiDPyw+m9xmL7e74DmLuz3apEhuizkVsGjqZROhJuWffudUSUVeowbHBg9zZ+JAs1A1ing+B157I0qDH3EgB+9rFB/oN3A90Em4UlXU+dXCk/TLd9OhYT2f0LfdpZzNV7bnx+i3MHuWFAiTO8KxPDmZWInqFhgcnLXLUBl5TT9dPP+wSPcet6HdFJo2o0gmQ5Jo/YtLOsYyRXZoi1grOT4LWzhudQS/s+qvfMJH/U4Z/rQtW4VxOh0eUgZALABD2B18Hwh5uyExDFm6qy60RJSLfvSE2ZOK+FXSAf/WEieLPNMfei4X3qCl0jZRQ7+kIbikWpUgr6KNfiESEDw058HFvs1iFbGRwbrvWM1CT5mHEFpbIvyuupYAvpfC3Rdn1n8iY3f7kQX20HdXKB6ROpuk5QdRwAGe64zp5nCxy4LH/AXQSHbr48dFnxSUv1g1XzL/tR6Q53lcO5VwDdOr3dkUqCIGIzKfxvCmv/8UZl7fODAg631qt4OAxL3/NigHc0WR1tMbK30l3xLRYrcmwoqlrvRPGeYhBwTElQK4LFSBFh2MrDbgRa/7lgwMPN8xkaW6k4pNnLUbsaQVtrQbYjtSX+OrEGbrc6WlRgytma3Om/mmuFSdCjQTyE3trJkyrVyRvB+6xAzos8Q/yKcykQXs46AZW2czNW3YJIZLtIOHimuLodXOaNys5dsVBUCoIAwj0wlPaTY5/ERN2pCLojzne9NCvAoJg4cTuBKSCnwBNJKKOXYxIW8n0LMhOix1tAXymHh5XlvZfFGd7vd2VNevzt/Wl0qFJLr9rF98eeRMR5nfTt0CVp085m09Q6NHQV1hc1RA4rRaT7Bqy6DJiG8Pahg1ejuCmBAXMjsrZUNUnm3T3+Es5qfB6SXC7ludaXrzhPJSOTANk2dof+wtmyVWW/N4z3F9MidaOMgGrDVxrSsBQyfJn70p0HnpRPgoaG+DrRC91572kPg+P0ZFD2ASeD/XGt369PxcWTA1mD4yLPc+rwZXa/oPDj8wpdRN7Lp4QjFMJ7Ui6M3CJCr7k1Y2W01VMW+2zb5+hHHyZ+qJIORKfUHA1MM+xJtBeLwCw4OO7Q4lyQ6hCSjBHgb57Dc5zRy9mYYnlPIT+LRNHYAAq0xz+vb6UPHUz4uJXgxPP0OxRTYkixjSJLV0bvSXbSw206DijsJ/pEEykJL8T6GuVOa3YXIfawD3AfO4hUU3/xA8XDkdLKFsyhpz3qrcOQdEgGEgoGbKZf38T85LikvwbBZjEHND0sR9SbLljV7qxclcm0pZDEYfc3fxWPVJFq3C/VrMsGSLkaN35wuYVkWDdKqw6djuh7wZYn50m4tgzactuuo2t6gY/GFdbqzP6yDBjdWyNfZypB5fY3UWhvfG2doFXRF5DvU6aNRIP+9uaHy4DK84oVZ+JthYmj6cndy9PUPnu3xY68Ix718+lIj++bMbUlxFpNmhtVx8ZebJnWdZ/mStMZYndYHRwQ2GY2fqwnaDIXzRLx34TDXasWbpbOEcAArD3Sx6rvbloXPEk9JB1Z3E5iGBB1qA8zlSoWUvE9JEJ6DxO/ND6FNKAw6rubxBbZcl/INypGrOPY0VMa1qtQgCuySONP1MB8vHFzhopeo4MgSDJEXV6PlPZAPolLAHlyPRSc9mCVNPulNpKIiHQUkfzY5/kGwB8z/HFosKdXZd5W/JNmAwPFTSv/Xenh8CEmXnbK7pon+xUlknWeEIynmBjO+mG4OnxIkhhw+wGoHbe9KfT3Ym23+GmdVjdgfkHSWFbQWREiaJelttCuc5GW9pUyAoTfQWXwYfwFRrx6ZX2q/qcZmv51TIchzot/qO732ikMUfldv6fcNgqVNaeO1eU3A3SD58Lt8iMFGpKEK/A4ITbbHJFTNeXXr/xsfqEGLxNZ5buCCdxkaICd0OyR2Z4FBKq2Ce2o6JyCYhfzF796KpYLgh9Yag5BDkZfhRmSomwbp7fOhKjykMheVmE2wCRfsXBoJ7W6dBoGXcqw5OkGLrBzh0+clsHh3N3hnvNuT+H5YeZAlgJar5xQZh/C8yI/K+mHsPELEzJxLcFThRWmtf0CCnxdAI+dZw54OFfZLb+waGFHS57mR48e1whueAgdf9dHQSOmnby770KxVAda1w/EOSrThVvgTfgckdJbhxvf5oAl7qvadDXOF45O2Ogqu/Uha6EEbZrNVYhbIwcRpotjw3bZp5nRck38i1H3iUFND5CUw4El/MzjEUuBvPmlI3CFudJ4kqeiDCKwrMHg4gkXzevi2QMbw6KNtunZF+tK7lTjKa7z3AdAbJJVvWPm9DXEoX4JBoj8cEyWkweCZ0g8frvbtN2N5951CBnHVv/zpzqIt9Gp1dHWWWoO90wdYXCk/V23a7WiJp5zRPRSkdX+fpH3RgNJIQhkDCZXUhplrKffIHHZV5FIHCg3BmK8JYuh8HbWfQfXCFhHE9FGGsmXoxUjmYZgtI9jtXqbS2R7uzHOz/o6wfQDCJCYAVqJCke6TodXbmi/nHE9+74MbHjlYjfc7zZRr9/nIEFOQL5+1gFplARwTbXLAAV0kKe87mIDUsVexRGqRCUUr685cMe068zB93+D5ni1XPOIKXqES4cNNkd9gm6XqLp3+NKtaKnzN6c4xSru9AAJNhONd1wCMbUWZkEBf6TuUzxmRez3pOMWLUu5dhvipbR5jIvfrglPkHQn6lq1lFvk7xTz4H83UQa2Bg+i3keg1bEaRpVZTLxW33MIgJ1k+/Jw/bRv3k6odplupunU8XEj9G3i1biAkR6N603zbPKXnwhqTqzHZjLPvg/uwwoTsPLeHO2Ev1MvbxCBLDbH2LiYlUbPfm63FUf7wM4qPv5uoDK+N9L0bo700cT/gIDP9fHGoC0fvt4dFH//FhBExcdMp9LhG0bRXtUb0CYZ08fetUHJhcfWuLS2Ir9QivI6Uhd4S67oBBJyDjXlm17ILnxOE2mIW11QURFGMQrof0xBF1Kzrq2I7LvUgiDF2iAbgQet+P6vZBNxsGf+is6Pyx/060Tdjo8av7UFht5p+Vo7MXeCC+lA76vijnua7p9COd3Mr/+/lqf</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:03:21,895 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:03:21,895 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150321Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_63ponfymcv3qpilkdeno504tf60bbfmhrez298r|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_23045faef8df6ef7b20ab382fa850f2f|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxzttgYhu3V3mtL2DvhfdTxUCMIU8Pr1l5+S6FeiC6nZQNytsNEsaAj3WaaA0ry1+AsMMvUwo2baGRN1DCcy5DdEIvBXdgnOSoHtHKHGDzw5IeUsyGD6p1RB62AQPYtcqTjw0+fXV0RVYnpQyGimNsDFF5Heg63Fk=|_33af8e3e23f1d8cc2147aa7c9e2af4f0|
2020-02-28 15:03:34,810 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2020-02-28 15:03:34,810 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:03:34,811 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:03:34,811 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="http://localhost:8080/saml/SSO"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ag20ebc067a9g2g4j6aibhieh6854j"
    IsPassive="false" IssueInstant="2020-02-28T15:03:34.215Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://hmcts-java.dev.kinlycloud.net/saml/metadata</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <ds:Reference URI="#ag20ebc067a9g2g4j6aibhieh6854j">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>pEeDGNPVEMZ+uYWp/cbg5jAtkN0=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hEGoc3qsA0bh8yKGIftwmHHxo3TTNdzXRH3z0dgPkViP2nf2rUEWFpw7aOeXdY19FH3WxJyD9bsoQcT4TB1x4J4ZPYvZI/gsZzY3xlB5UJLLyBWAO4XB1LJkTT7TvtF9yVzQm7nxs7HSwLO/IzP6mIpNIQSFJaonIKat7wW4al91DfqUCgAjkvTn+ah6EQzdQ7ym2/OSu1+EViihatPHwHBjShtUHzspSMct4zVOzkzcXf3HHXevZRiWZiHyj6OgydM31/IT8DQhfdQ5quJEpfmG9szW4rsQGV0yhtZ5oVmfSgtw52qnn8NV+nFP+EB6hpRvWRW+xA7sZZbqdPUzYA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:03:34,819 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://hmcts-java.dev.kinlycloud.net/saml/metadata' from origin source
2020-02-28 15:03:34,819 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:34,819 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:34,819 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:34,819 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:34,820 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:03:34,820 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:03:34,820 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:03:34,820 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:03:34,821 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ag20ebc067a9g2g4j6aibhieh6854j', issue instant '2020-02-28T15:03:34.215Z', entityID 'https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://hmcts-java.dev.kinlycloud.net/saml/metadata, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:03:34,822 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://hmcts-java.dev.kinlycloud.net/saml/metadata' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2000/09/xmldsig#rsa-sha1
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA1withRSA
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 19145315643286925739383588480527602403067271166382515603895503175855322434343354237869771034628362370255631682805778526993265117958887704167784727546385456587036361839707037518011279872400748805877773663459075558667030510034103540726948135992777303708245098807005371294042952302682803519523404660408757933044836101539663818244077030088244070044038290535134614702935425692946072886774884339323973600768963698304760185618308660831593002159276816080817652004736779697411246711621419362443557812251382697117919380813140003777170028213964083404130929220675106101102565912545554131737428593592225625205002711211563371490297
  public exponent: 65537
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ag20ebc067a9g2g4j6aibhieh6854j"
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ag20ebc067a9g2g4j6aibhieh6854j and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ag20ebc067a9g2g4j6aibhieh6854j"
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ag20ebc067a9g2g4j6aibhieh6854j and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ag20ebc067a9g2g4j6aibhieh6854j"
2020-02-28 15:03:34,823 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:03:34,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:03:34,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:03:34,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:03:34,824 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:34,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:03:34,826 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost:8080/saml/SSO using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:03:34,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:03:34,826 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:34,827 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:34,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:03:34,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:03:34,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:03:34,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:03:34,827 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://hmcts-java.dev.kinlycloud.net/saml/metadata
2020-02-28 15:03:34,827 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:03:34,827 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:34,827 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:34,827 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:03:34,832 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:03:34,833 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:03:34.833Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:03:34,833 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:03:34,834 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:03:35,039 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'hmcts-java.dev.kinlycloud.net'
2020-02-28 15:03:35,039 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:35,039 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:45,965 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:03:45,965 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:03:45,965 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@2012879232::identifier=rick, context=org.apache.velocity.VelocityContext@132db36d]
2020-02-28 15:03:45,972 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@2012879232::identifier=rick, context=org.apache.velocity.VelocityContext@132db36d]
2020-02-28 15:03:45,974 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:03:45,974 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:03:45,974 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 545ec9c79ca64a021dea55036a385d2c80e339ae20dd981a1a646f87fde7e9e1 for principal rick
2020-02-28 15:03:45,975 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 545ec9c79ca64a021dea55036a385d2c80e339ae20dd981a1a646f87fde7e9e1
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:03:45,976 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:03:45,977 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:45,977 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:03:45,977 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@316b4ce5'
2020-02-28 15:03:45,978 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:45,978 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:03:45,978 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@27a26fdc' with context 'intercept/attribute-release' and key 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata'
2020-02-28 15:03:45,978 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://hmcts-java.dev.kinlycloud.net/saml/metadata' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1614438176785' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@316b4ce5'
2020-02-28 15:03:45,979 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:45,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:03:45,980 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:03:45,981 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:03:45,981 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927
2020-02-28 15:03:45,981 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927 to Response _25ac52b389a6ec743aa5de7206d0509d
2020-02-28 15:03:45,981 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:03:45,982 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:03:45,983 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:03:45,983 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:03:45,983 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:03:45,984 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:03:45,984 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxLDmxRaI43gUx7LBYwpg55blhOV1l8AyIhtcTGgBUQJuKFMLN1sgdxU8rYBO5QZZHK3/3s0aBTzxMa+pc3ncK1ndn3GMryA67fpfZnFN1e+Qf/WtalbRYibyfAQ8WfgXYxO6vcSfHqUNNzW3Ytnnoe4EG5Eu2jg== with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ag20ebc067a9g2g4j6aibhieh6854j
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost:8080/saml/SSO
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927 did not already contain Conditions, one was added
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:08:45.979Z, to Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927
2020-02-28 15:03:45,984 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927 already contained Conditions, nothing was done
2020-02-28 15:03:45,985 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:03:45,985 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927 already contained Conditions, nothing was done
2020-02-28 15:03:45,985 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:03:45,985 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://hmcts-java.dev.kinlycloud.net/saml/metadata as an Audience of the AudienceRestriction
2020-02-28 15:03:45,985 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f487c6172ec9c6a5e3d5db6ae5f1a927
2020-02-28 15:03:45,986 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://hmcts-java.dev.kinlycloud.net/saml/metadata to existing session 545ec9c79ca64a021dea55036a385d2c80e339ae20dd981a1a646f87fde7e9e1
2020-02-28 15:03:45,986 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://hmcts-java.dev.kinlycloud.net/saml/metadata in session 545ec9c79ca64a021dea55036a385d2c80e339ae20dd981a1a646f87fde7e9e1
2020-02-28 15:03:45,986 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:03:45,986 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://hmcts-java.dev.kinlycloud.net/saml/metadata and key AAdzZWNyZXQxLDmxRaI43gUx7LBYwpg55blhOV1l8AyIhtcTGgBUQJuKFMLN1sgdxU8rYBO5QZZHK3/3s0aBTzxMa+pc3ncK1ndn3GMryA67fpfZnFN1e+Qf/WtalbRYibyfAQ8WfgXYxO6vcSfHqUNNzW3Ytnnoe4EG5Eu2jg==
2020-02-28 15:03:45,987 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:03:45,987 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:03:45,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f487c6172ec9c6a5e3d5db6ae5f1a927"
2020-02-28 15:03:45,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f487c6172ec9c6a5e3d5db6ae5f1a927 and Element was [saml2:Assertion: null]
2020-02-28 15:03:45,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f487c6172ec9c6a5e3d5db6ae5f1a927"
2020-02-28 15:03:45,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f487c6172ec9c6a5e3d5db6ae5f1a927 and Element was [saml2:Assertion: null]
2020-02-28 15:03:45,990 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_25ac52b389a6ec743aa5de7206d0509d"
    InResponseTo="ag20ebc067a9g2g4j6aibhieh6854j"
    IssueInstant="2020-02-28T15:03:45.979Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f487c6172ec9c6a5e3d5db6ae5f1a927"
        IssueInstant="2020-02-28T15:03:45.979Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f487c6172ec9c6a5e3d5db6ae5f1a927">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>1BbzHSOI0G/y3htS+W+D/VjR4jdBu5T5PrPPMOB4E28=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>smxqivniFgHsR2Vd4hlkU/VbAbfDAqK7Q3x1g7UNwwWXE4/+KdalL6h0PWvm1uEOV2xFMjvCYsPn6aYJsAZVFj2Q0KgW1QjwJS6t9UGQGBpaKIdXZCFVoZs3PvOWTv66o5Z86hVqnpOotmyZlrwdfNK0m2WtdtPCEFUGOxU+GpgqBvMFTxAIK2G3mzxLk/n95MmaRCe9mueLJBcX4PIZpNYGDHNfnFZ3gpk0loP68r/W9Dsaw/kGr9gVYO2QkAdIiLMsrDax9SnszR4u86IYnSwhCwL1S671LCk1e2vU44zX85+LjkGqta4kLdQiwSo8allOnSk7XRM5AXXxb2g9Sg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://hmcts-java.dev.kinlycloud.net/saml/metadata" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxLDmxRaI43gUx7LBYwpg55blhOV1l8AyIhtcTGgBUQJuKFMLN1sgdxU8rYBO5QZZHK3/3s0aBTzxMa+pc3ncK1ndn3GMryA67fpfZnFN1e+Qf/WtalbRYibyfAQ8WfgXYxO6vcSfHqUNNzW3Ytnnoe4EG5Eu2jg==</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="ag20ebc067a9g2g4j6aibhieh6854j"
                    NotOnOrAfter="2020-02-28T15:08:45.984Z" Recipient="http://localhost:8080/saml/SSO"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:03:45.979Z" NotOnOrAfter="2020-02-28T15:08:45.979Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://hmcts-java.dev.kinlycloud.net/saml/metadata</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:03:45.974Z" SessionIndex="_5758719769658093349fc664f6f4b9ca">
            <saml2:SubjectLocality Address="172.31.46.7"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:03:45,991 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost:8080/saml/SSO
2020-02-28 15:03:45,991 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost:8080/saml/SSO
2020-02-28 15:03:45,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_25ac52b389a6ec743aa5de7206d0509d"
2020-02-28 15:03:45,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _25ac52b389a6ec743aa5de7206d0509d and Element was [saml2p:Response: null]
2020-02-28 15:03:45,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_25ac52b389a6ec743aa5de7206d0509d"
2020-02-28 15:03:45,992 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _25ac52b389a6ec743aa5de7206d0509d and Element was [saml2p:Response: null]
2020-02-28 15:03:45,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:03:45,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost:8080/saml/SSO' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x3a;8080&#x2f;saml&#x2f;SSO'
2020-02-28 15:03:45,994 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:03:45,996 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost:8080/saml/SSO"
    ID="_25ac52b389a6ec743aa5de7206d0509d"
    InResponseTo="ag20ebc067a9g2g4j6aibhieh6854j"
    IssueInstant="2020-02-28T15:03:45.979Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_25ac52b389a6ec743aa5de7206d0509d">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/F0e1h5lq8QPvcUbqwO3pIv2q8IavDY/CrOlChwNc0w=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Wnq3ATwnXCUO+mpKe+DsOmLMz2OEbIhqqdTCFnsHnAv0EE4ms9J2Q6ld+V0hFbYtt2GOfUi7PBEhN6F2MssIrzLyb+act0v62Y3O7B+QD3GGyKM2fdoLg4e2kuwZ02aFYupAqkV3du5IW92twzVhHxy1Rp7FemAZgirHsy1kV3Grs5CTBICoaeIJbOXJIScSuON2ZwAlwUGq8cP+wrSpMUCq2qp0oJyARV3XF0Du+BCn9cZ6UlTT8rIJw8KJ5FNk66A0jPFki2uq+FpYaD3Sq3C4EM7sVZ+U5c3xeNiyXU/NO3Kwp1dC3K1bqr3E1IfczC9R3LF7E6T8Ri26v0F9XA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_85c8ebf91305f714537d538b0c770d16"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_0d3fa319182905c8ba90aded3dc46872"
                    Recipient="https://hmcts-java.dev.kinlycloud.net/saml/metadata" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDUjCCAjqgAwIBAgIEUOLIQTANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQGEwJGSTEQMA4GA1UE
CBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kxGDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEM
MAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8wHhcNMTMwMTAxMTEyODAxWhcNMjIxMjMwMTEy
ODAxWjBrMQswCQYDVQQGEwJGSTEQMA4GA1UECBMHVXVzaW1hYTERMA8GA1UEBxMISGVsc2lua2kx
GDAWBgNVBAoTD1JNNSBTb2Z0d2FyZSBPeTEMMAoGA1UECwwDUiZEMQ8wDQYDVQQDEwZhcG9sbG8w
ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXqP0wqL2Ai1haeTj0alwsLafhrDtUt00E
5xc7kdD7PISRA270ZmpYMB4W24Uk2QkuwaBp6dI/yRdUvPfOT45YZrqIxMe2451PAQWtEKWF5Z13
F0J4/lB71TtrzyH94RnqSHXFfvRN8EY/rzuEzrpZrHdtNs9LRyLqcRTXMMO4z7QghBuxh3K5gu7K
qxpHx6No83WNZj4B3gvWLRWv05nbXh/F9YMeQClTX1iBNAhLQxWhwXMKB4u1iPQ/KSaal3R26pON
UUmu1qVtU1quQozSTPD8HvsDqGG19v2+/N3uf5dRYtvEPfwXN3wIY+/R93vBA6lnl5nTctZIRsyg
0Gv5AgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAFQwAAYUjso1VwjDc2kypK/RRcB8bMAUUIG0hLGL
82IvnKouGixGqAcULwQKIvTs6uGmlgbSG6Gn5ROb2mlBztXqQ49zRvi5qWNRttir6eyqwRFGOM6A
8rxj3Jhxi2Vb/MJn7XzeVHHLzA1sV5hwl/2PLnaL2h9WyG9QwBbwtmkMEqUt/dgixKb1Rvby/tBu
RogWgPONNSACiW+Z5o8UdAOqNMZQozD/i1gOjBXoF0F5OksjQN7xoQZLj9xXefxCFQ69FPcFDeEW
bHwSoBy5hLPNALaEUoa5zPDwlixwRjFQTc5XXaRpgIjy/2gsL8+Y5QRhyXnLqgO67BlLYW/GuHE=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>gPIqvHhG4BRGmP1kpumGk6uz7RBSPJVFHet3LOGeVAcwStQuTAf3MJJKA0NgGrTRuE/NeFbfMahHQn9mhmep+Ri2Fa1pwU3WcYTodUSK3iXp4tLhIj3j1uhR7ThjytebsqJLPijMDe1b0gbjCTGM4e2OgtF5wSguFv5aN6NQmYvkjLHjlsj7CB3icmLKPM97K0URsXvkzjoLPMSagBOF0RB1HELT5Xb+8t5zl8VmBJa1D5hVIyrNgCvJNDIRaazdrN4bVDNYaHAEiyaWmIeXaob7OAbCGf9iTOku0yVxWhkGeVN79w+lNgUFnLREU513z6B99ku+iZ78CmrHzPA0uw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>I3Bs2/AN3Ik36oQQorvuYFad6lPVtvWBu7SSB+h64hov4sq8dM6q2WkmNX+dZ5ECY005nOkrCFmarjfKyNwCjnsnnHeQx5oy3MBgNki0axlMaNOpEBVcYVp4dQy8MH3k2Vs2f5qk1KQ/r48O5xiYxJqID9v9H5g2SS/llS1E4JAr16tFR2S5PFnDYfBE8HNTN+/Kd+Kf7vjkfvHWbP8GXapvABpMI4u7dDnBwAfNy3yyBfq1CqAG88im0Z/kQRDu0IEXAWVRKyWiaWjJ4ry0qPf70qjDNa4KsRnpxUX2ZdfHlsx7ZPJ2c6VRFHjNSVi1xQxy8y+tf0jEHB6DoO2hOFfTrVw95oA8IW3vEGeOxofSVgcf0KL1wu9saaWMcoiTGZW3koxMOXHCX/LKkktck3/6Hy1xEhNTwv5YxWPqSM08rOKY21ou+XA/kvWAjH0JqccnugBclAxsXqWyOvvRaMaYnvZcsXwtoOy4PEjWelZhfLPK8uqJfKOoKz7Kkvms1HFJ+UvtWiM5KT3HaKHnttwlFB/hxcyQ6k5RfBPhLvcgm7XkJT4GlfU+K/7twc5t5bEu4ByPtFWqUo7/+w361bZvsOe0MvXnE8JfGtMeQ3EHHRn06koZ73gQBp/3MoBsLsetJ0HmZ6vLLW4jOytM0fwXKghvwaR8P2ASnjMudROQ4r7UHV/kY7Z9kKLUBir/36iquJfWIbYoR+yQQRIATEyuQyTD/V+yqAzvjTUPoi2XM1NVZKXzcRZudlhjyos34DpRz2nYz7DZhAocGofhUaPROutsL7/xAFr0S7kj4JFkn9LeROSkLHZtAvJhErcrlWuNNQF4eFxHtweOPiTH4nxLMqW417IRx+xeYL1NOu7yLWRXDSeruNjX8RSErk0zWAlEyrDz7eWkaC4ncEsjhFsdsosPW634ApBF2kREM8TylnY3jmFjINqPHsQwo6e88G6Plw8ZoWXeJ75zbL/hSw7s2tAGPYxKMYX6daxhl8ujebK3NhipzaHYSZ7YbKIoJKGzvoagGmf4AEd+/Aexp/RSTZo+O3sRd29D3yDzCz8m0rBBRm1kmU3fApu53eJpMfWr4pg6K/JRsIpLKRkBK2eBwWazzfKTRZotEqK1GkLeq2QRXkEIxTtQzHVS361Nxpwn3d+yPRQoLVFf/fweMsJ6+oaH85DjGYGfuVFTVs+l1g1oyDSYFbBLoYFLuE1rZnYbEG4nHRtJGKKDDNY6uBNTrQwTRurl/fLGtXTP7MsszXJvAJ/w/4qqMVhifkLCDtP57hBIYLReqS9UM6dW9v612gw5fY+IrSqC3UxTQJol7cPhniRydAVY8SJWEukN/joP5IB6A7WmA0Z+4AzGQBFt51sbXx/rO3S6dS1xgtMDvZfu25TtPasz0wrnzgN58YFQPgZCX+hrlri8PMcz76WF+uFlb5VAMyM5tuXYkU+2eMbjhT1dHgYgg6x6YQ+zTyiCCNWe/F7q69feJhXb7ev0JYt88rJrVlLfOZ9xsXuRWRADRAiHiEjkkl2l63gHwhCsuLARBchrj86OQabopUwLM3JpfMKQb/obGqtkN5yIyrJz69/iCcx/PLms/j1goVEZU3YzV0lFFRzNZ+CZFOgGsQ87r+wujub0OzpkXA2N7V8i8/xKe5dbCqBCymOJSk1dBPNnsehPfEqXjpn4Wxq7WbFaZrOQfNYqJNhPJ9GYwIWOiKK8MRXgRVmvK810HJ6Gaz47tXaQ1hYaUCl2OI2IkPUCzysGVK2dNTXZ29Z5ebYd9PhXR1EPyOetjnr9tYducLDH/cp/BmEGUa34hgymCXl1U1+u/Tw0fDm+EAw+n1RjZd/tFBzuTAHZjnqjS2gs3/cR2RrKUELoTQ/fjxUsWsVbEqI1r7bxURu2Z9S5MpXMKHbsZuttiXcSS47gbi3ZP7+VWhJPhyk6nA9HduuhUW1AdziYaOmWcpvkEu2bNsuT8GyBODpkawBn2FlMN+5bWsd4Kvzv8V5nq2yRNuQPYrssaQhm59WfPVC62X8tecq5Bu7H69cZlphOx7+pr9TmUU4Xoil42L4OYlvhhovJAkhSzuqyU47XbBhquU5Bc/kdcTL4EpJ3p50lWZQy1we9GkPzKZgQ4VEix9ek0mcC/BIAAv/8TRhigJSymvgLtPHnLxglKWnNReQ3d/CLw6n/9io5b2m4QtUuVGDlG9fi+SLwFPGFu9Y0f0m/aUNq4HgSY+vRGWd4lXVvsB/RX3H7PLX63h2fOz/KtkHOSdWXxkRfn4LQE/YJSZym6E0mxaL2oW4ruhbHvglxf72DsuHxyqBDMaf9PA+HmT9cyU1cAsM7MduWys/l4025pID04OtAZy4vFto3dAc1hvf7o8TDzg6tjF10JRp+sutGtwF1TZPFuGWftzv5e69XvFh86XyiBVxSgZPtqSSnLGxKhe6KJeLQHOc+dU99rl2xsZly3RPI5c+cCdZYq6LXab/oMhE+FApla0FExf4LM1WmzBXyVLTxyX4MVOTc6G8LORK55MfBWp6Tnj/3KKTGfFYGikeYBgMyf+CXuWjA1qyy67uieW8b5PuYx2v6rS+gBt5EXnyYBq8ZGWTDMcyGuq1c7mPyIxL1zCo0TNrD9H67+4GVFdBYu/1nz6qMHnU0y7ocEKzCm0KNCiXKxIpbv/+d/DPEQ76pClmTeKn6T9XHu/luWtlbyjrjk2NfW5HPlbr5cuQDKGVP4Z1AaollaJjCOKuWTcrjYeWruymtfTcx7Ud6gMawwUpvfOqoie3FHvVLfFza8aK/qwjXCFQa12ObqaCnIDVqvlNXJhcSppR2TuvIFo+DGUwJA1vHR5dk9Vm5hgVUuowkX3LsZVXzwx7BG97VDA4/nDbz0iPDHzsyF5WjIHZbHnVbBXXm3tiR+rlTHOdsLAy+YrDiS0cczuHDdKVDdXxQOp9CZq0pxQXNvSwRLIEvUUwcbRdKeC9rFIzwAoW9t2IaTkE2svrfAJ+3OeVpi+YlJS3tnCqtNtjPx1id+rdO1A09Wg7/tdJ9kW1D8+4Isdtrp7pIk5PwuDFiqihb5XEqV/0lDpDEm/t4McjwT8s03fvZ7atTv02Jfbc+jR7eiWYJ8uOUeBKRp8can/xJKl9Qih050xPwLIBNZtF105ZK/xNcdUL7xLRtpwH0Q1/LFmaL69GXcBSM5EKLhxDjpzgxNzQW3fbG65w74FL6DpoDWFR3DXxgg/6/l9lQG5KTir1RFGwmQg8W3uGnoS36V2dqLgf7kc22x7lL1Tis/kC/Mid8OGcikiaFyyUTV/ZbwpqHqH5/jYxEpqNvNIKOeBXHvZJ9Xdg1YKUllA7+GTEzCO5L8utYLE0P+f/w6ZPTbFKjJyBKELAdIEJdkXVq9eHYotCSF5/TR0q3SL6eCxCvnDtBXvJpORZtQVBBmbape8bN6i/SgAM1RARkzkAcYhGPPaSEgDQPY4a6dBZMj38TcNWFzrHsQKaA9sx7XU8r04v9m/irwU84BZD7n1CRnMoKMWDIcKibQvBvj86lS4v8rH4C3eit/oSuOJ+gE+4yj5KuZCizZOkr742uSMATfSLHdXGOEicjg2J3hyrurrmC0v+b5B3O3Gi0viOtLtlHW2RBhqBxQP4jJqHpbssCnptzWuXEdoELkIY3HDWIel9dWAIs2mniQVQGbeaXi5qpT9CZBcQujeleBNgdPB2WcBfAnrt/t8IIM0HI27+YzYxdKiPA8hieEI44mfQqCck1nPIQ4B7UP1gI3BgMXUzhLg/Tj8VabkZOi5m6+/Jr+Bfeil5YekuEI0lFKgr40jebrvFR0IoHyztQt5DdWiNwNdQhic8wlYbHnU8v3mSMFEOPiZ7/vFZNzheN8+h/6U/XqbsHPQ6PTM5OzKXNq6aP5QTXLAVRlrHWxiFQn/sJ6f4NGx2Qj13IBwDFVEAPaAHTqKWJ2amVdJlXFdeCQxTjXHYB72IdowU2JXUFpdaKWOTUL/HvInojk/FvsUU8U54OYfCcv1tKbuSh+CrZv3Qc1BrpNaXPtc4F5tz9Wn0Gp99VdOulhE2oO6bMZnfCgRFL6Zqih8lP5/OUv0eEWVhfW/NMFul4y6vSV7LI/p/7g48nGQpIPNzPclI73eYJN1VOMhD6pOfG4Z/UIeND4Pd3I73dB2YdevJwBFgfFDlPkyzCMpLZ1aJ+9jqV63++xZnft7w4aTy/jCTGVmIaYUTZ3XmHL/GzATfYUWbHJw6cbjH8LhbyUw8Uef78BkiG7NgkJstn5iEOirvVOUaxab3MzLFm5XLcWb2YFZtD+GXEo9CjS/thmfQzg9yD1UekWrA8X3yUn2sg2ep4cxV4VWRaMhBTx+TJkPgpgH9J3TOoxPWnftr2GecjARRedbs0JPHTpk+YIbVTwbmKxDk8cRwfcEBytof/RIeE7JG5JDinZKNeviSgPLLhUSO/aDytuMYJm+rQpIAbjaXpOWd3BqRxx/WQf+hKb4lQnUhuyQWyAO/PgRvqD8Bf8hePGWPrD7uZXt57EwXDi2OENHd7C14SxRZXL+MYi4eOACqYFDqU4GLf5u60OU0bn32IB2sWV0zdFxPecFZ7ZEnhyxsZP7FMjO4Y7wWopLy6wXm1GIXqUxGWomUTqXGPvUqhgJ/YlOqwpkQ/qIPMAjMTzqarlOwfSylOPoneNY5yMZfOeKlq3coIfOfxRmAUpi17LGJ6Y8hzp1f4aRJC01t0r0mZ6GyxTL+KoZaLDuBt/Iptrdf1phW3xVwIBnB7/NiLdxGtAU1W77m8xYIKIJzsU/yEPE5czB53ZJO/5pwG5LSmlWGwA5wedB44acIASRRlmhe8Hfq+1Fq5Y3WJg4WzW1F2YALaqjsC0pgIjI2NS6+G1LIh9Igl5xj7Kd5Kooh8gz/K2URX3o/ytInc3LpMd44CPUTiUcjd70OZbcKinwJAZPZmR12oPFbtKJMf70SxU6g9wtMci51mmfvts+zvCxCOgI7sLIdmzEx8EnlATyATROyHBRS30QK6/JGxRPbU6J37mrHU1ZfCLOkom24iT6u7Cj+T3q0OjT6CaM6OC95wzctVLCkEPiehSRdA5dj49VWGfD9AtrqBTiAaChO/6WqqpptSwaTAATcBM6DGK34T/blExkr1bLW9htXZFQMDWXTUAz9km4eFB90KoRO2SZc4cHJqXxlmIG8bVitWiW+x4qsh23YUbgaZ/ZgFzcd6syq6L5Be5PhU7MjplXcQI6Pl4GPf+4yV1j8yGbqoPILRGZHYmfi6oeK3XmETJ2oV5/4QjBx/jQp5rgDUJpATXOui7l1Rv5hJ7ZFpa26KZJaHilJZtbDUjD/Pg8tKT7+MU0cde7IcUzDf0NqkjbikTISEpvqdslAgurxZfBRWJNFm1DzHe7helDSBGdSsnraZmxv2xIPmedBVSQMmcxew55T6fJkh9ldPXOo1P5VEf7MIkVPMd9YVJMSrTamqtvG9TrMvwduhNcCkdGxdNzIom/cVUQhofkb+3GqyWhyT7B1LmGqwMoIFQvyZPklhd2p9oV9fVbCMKa7KQ/d4L9/8+EBJhAvJSUpVn6db7FzAjhkxcPghWvNxnp9fFkV/aP8TP2Gr4J6dLN/NwodOxc6DBdRS9Gn42RAi0JakVpgOyHQTTvuc0vhPuUzCtqxBuKyEBs8MpC0fPkm7rKeIFsjfsMYj4OUBbDZXSK0ks00EoHlsZaYy76p8OlV6x4/qLlPoA4bVofvEtJ1W6Q/f9lK2AlmTOra6LucG0rJQj0xC7IqjI6kkfDgEbfKVfSq2NyOY0M9Maez6pwZwzsxhZptks7VhlCXy2HzHXrdp2dOsbbgDkkNVbfoSVdKsQ3g1HwEJmiADVIEk8kAwT8yzVa6qqLPeCSQWPL7LBwUroapaqnU3xywc+AbVM3scGyRmsuHE10tLNpDjinZBe04f2m2keSeXpZAN6M6YjZ+4Atn9zA+n2HNy8qH7vvp8Sm3KHKueEdFcESctS0uxn8VQLYDjKUmzY3diIMUGUa8cIbn/vauF1hTmPE3QT69gPttKq5z4puLa/nziAWRT5S8owDZq/cKAypHpAGN09EB/JwxQlxefw9JT2eZv9Vq3HuG8/7fYTb7WXA06TyvGTQIF2N48WOpcany2bDgZaot6JUjFNW+zI+G9FTEtFEW/NdW4H8FHDB8r19r9saY/b5o2RUMS5u9hyjGkGOsSdGiGregRGXc/ooVGD9mac3r17jaZNc1tV0JXiG40iLza1N5klDQt41W3tPrMqQcw1IgNuw9faXWIjEoMtkes9W0vPiITPPhFgbxEWt7pomVjGoS2huvlJCoDaniZvuJ6tnRQRx7r3b1BWvbUSfYsQr9B4cKWH3NCU3BoVPl0tdks7b5xxipzWjJ5VDw9jAoVX9vGv+/sZN4IZAB9gwrOzVo/31UaBD8oDEituvZDrODK9jbZlU2Zqm3MnOJ+XeyiJAhLUmRXzouyFXVTEbf7e9tPCjb+peRU6nvTK3VhVv4VwZzS//gpTQY9n2v0KT3FFaK/zOZLbdB2FHOaVLiIQyyh2ekvoZLpte7qZl5W8JsoEJQEdK7u9PlA19tUIPoQmKiJy3uudgjdb66GLVptodcKtExkJRkO2bDGcy6ysQW+QRcrCj2vG2PdUPQkBKSWY4W+iuLs8vay1To4+Xps0T6StZlwzkktzdrVPXkbueOzuR9FSN0XVsA93VfMdBmy/68yUe4vAflw+RSr4HGXkaWxj7P8VEZevx2eEXvUmwUZinQjJOcLGosLvh7LJY9Y98L1VbYxBvokRtQSBdgEVA94E33DGN5M54F7ZlbQGnClDQcCJEsyp/Gi8m4bhZUCqQTVdBK7Fh4bTpIhzZVuaeyGYWqcP4lpf2pyVbzNWe2R2nH+87hxLm7UFKkf71IPoCZU+Uy1Sa19l7j0z9GA77JxfSjzwsPRaDCXJ0Ls2xs5xmjaLOQrpgR0aIRwUrP9Irwu/9H6LRB8TR6aGNm5Q3jMX795hIo6lGrl6o1WZWLe6Pczwr0fJfA4f6KiFSVxPsPhkVPmmQICeNISjg1zx5c7wdMe7IwxTB7h1w+RLfKQ7OpgxlLu/nxRaH+6saIVb5KxWJqmQvvER6mq2xhwnQmFJ5W05Lij3zHvp/gkJiU76+V8AmpcBCvYM+KJRPyh8rrEjEYoxm/Ab9k/mFhsKSUUsArOo5oE7IBPC6+xQvmpVCTAoo51KQCTaAVgrYEIIrBwhMtduU4HTuWnHAxxrLvw4yVSZKRHP42K0pldXABg2KUeb+C2iw1gA9GmcN4BzUAx4BXZo6ouAzco50sBpczwdz6PzapZVqQSMTKCt9SwIyQdAJhkUelYE1EE1fqbups8+TUBqtfLQVl1/QDUzZY/CaWNrORfDH+3krVEoyja2W0vTl30yR/vxwTPKwwmCglQrPeCD06vwY2QRnfUyEv3HRDZg8IYi26xpF2zyE/dj27Ugs6GrJFxPVE6Q6MRrYzJXT/6xIgh1FxCeDflqlYlEjJTXfWkeUc0iSUeNUUW/pIoxceFD1Kj8hVe1jdEwFzUyjiKJ0Y1QVuY7mDcCKTZ76vtbmhecY7G317amruAGubnEM4LTmNZLBzWlS+baZwGcqZ4iBgbt5BHUEC3V60xayV3HW8j+w7k0G5uVaH0zrE3fjWvYqKcMgEu2GmHpI8Wsuy3wZNpWV6oQFF50azGcUV8L0e24552PzrZqzyiSn0EaUK7F/h+bgONbaxwR82dUOI2EYCOOtBra0SJ8T8F84HaJiSoLt1dkBXvfVeRtdA0cZcMpoALP4WmuWNHbJdnEsQBQq1hmBS4EVFR3JmPEhFKETwmaziwpmHNGRxR0EXIrQysfgkVZS26bacdPaIej1s/BvktpBLfFesnftJNORM4fAdtA8cNStyYR7F98T4MV0FIHHxBGfKimfle1MCagktYgC2HNwnkYdBABBeU2RLsONdA7+/4k7h1LH7UPzxtb7giUK7LCFe7ijrJAdfCODl1EMu+</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:03:45,996 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:03:45,996 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150345Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ag20ebc067a9g2g4j6aibhieh6854j|https://hmcts-java.dev.kinlycloud.net/saml/metadata|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_25ac52b389a6ec743aa5de7206d0509d|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxLDmxRaI43gUx7LBYwpg55blhOV1l8AyIhtcTGgBUQJuKFMLN1sgdxU8rYBO5QZZHK3/3s0aBTzxMa+pc3ncK1ndn3GMryA67fpfZnFN1e+Qf/WtalbRYibyfAQ8WfgXYxO6vcSfHqUNNzW3Ytnnoe4EG5Eu2jg==|_f487c6172ec9c6a5e3d5db6ae5f1a927|
2020-02-28 15:03:46,766 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15544-FpUdxWL52SFnhy6JPtvQYnCf0E5K4Bph
2020-02-28 15:03:46,766 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:03:46,766 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:03:46,766 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
    IsPassive="false" IssueInstant="2020-02-28T15:03:45.861Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>EarN4rO/PvJwC1GU8iwbFMKhSGAfKJT2rmt1FgqVyqI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
taOVGuBjTI1xJoIAp4fwvrq6psCpx98tDaYpw+AvE910VTHvzr8a6LkGRXbETQgXqgnRVNnjK4YC
LxQgLGxmMG3x+bhso+HRAj3hJQfGt8kWGjRdBsZAzVG8GfdS9Tfhbf+I8cPR3XLiqCfzxPFivzf6
w/BTB5p+3djNV5Qy7AFVoudMlNQMIN16ji8fQQj9Fa6xCzp+HsKIuyrivs55agFHWOH8CNEAh95B
y4NDVeWKPpfJPmLJORzKh4KL0ZwI4NHBbLemC5qkGx/jq+wyRSNcX4HOKsDup7AgOsf7GEUCAXGK
vRtuBVtjFGzWONziRKZoQX860s5V/stub1lFrA==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:03:46,768 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:03:46,768 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:03:46,768 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:46,768 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si', issue instant '2020-02-28T15:03:45.861Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
2020-02-28 15:03:46,769 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:03:46,769 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:03:46,770 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:03:46,770 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:03:46,770 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:46,770 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:03:46,771 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:03:46,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:03:46,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:03:46,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:03:46,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:03:46,771 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:03:46,771 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:03:46,771 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:46,771 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:03:46,771 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:03:46,772 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:03:46,772 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:03:46.772Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:03:46,773 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:03:47,049 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:03:47,050 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:47,050 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:50,232 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:03:50,232 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:03:50,232 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@650043945::identifier=rick, context=org.apache.velocity.VelocityContext@7cab1801]
2020-02-28 15:03:50,233 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@650043945::identifier=rick, context=org.apache.velocity.VelocityContext@7cab1801]
2020-02-28 15:03:50,234 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:03:50,234 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8da97e05e9885e0de3e2af7ed5260e33ed4d2b300fe13e58ff9d15e996470c90 for principal rick
2020-02-28 15:03:50,235 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8da97e05e9885e0de3e2af7ed5260e33ed4d2b300fe13e58ff9d15e996470c90
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:03:50,236 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73896b16'
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:50,237 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:50,238 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:50,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:50,238 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:03:50,238 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:03:50,238 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:03:50,537 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:03:52,541 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:03:52,541 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:03:52,542 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150352Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438232542}'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@73896b16'
2020-02-28 15:03:52,542 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:03:52,543 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:03:52,543 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:03:52,545 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _81e5af43c9a63d27e98f85c30af4c82d
2020-02-28 15:03:52,545 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _81e5af43c9a63d27e98f85c30af4c82d to Response _8b52124736ed143c6c5293efc05afc89
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _81e5af43c9a63d27e98f85c30af4c82d
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:03:52,545 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:03:52,546 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:03:52,547 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:74] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:03:52,547 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:03:52,547 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxdgWdfBwtDb0SxVzI5/m1b67jh5GbMRjXTTHAM7UKvZXh/jRIqKPPtW15M5lcq2c8+6DmdzoQNcbuEVy2D+fowGxnFuictW4q9z6uFzUjmQouHYKZpQzNHwY2zyiCXRN8dS75oQ3PXEm5l4Gb7897YYD3Bo7mDhw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:03:52,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _81e5af43c9a63d27e98f85c30af4c82d
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _81e5af43c9a63d27e98f85c30af4c82d did not already contain Conditions, one was added
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:08:52.543Z, to Assertion _81e5af43c9a63d27e98f85c30af4c82d
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _81e5af43c9a63d27e98f85c30af4c82d already contained Conditions, nothing was done
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _81e5af43c9a63d27e98f85c30af4c82d already contained Conditions, nothing was done
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:03:52,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _81e5af43c9a63d27e98f85c30af4c82d
2020-02-28 15:03:52,551 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 8da97e05e9885e0de3e2af7ed5260e33ed4d2b300fe13e58ff9d15e996470c90
2020-02-28 15:03:52,551 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 8da97e05e9885e0de3e2af7ed5260e33ed4d2b300fe13e58ff9d15e996470c90
2020-02-28 15:03:52,551 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:03:52,552 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxdgWdfBwtDb0SxVzI5/m1b67jh5GbMRjXTTHAM7UKvZXh/jRIqKPPtW15M5lcq2c8+6DmdzoQNcbuEVy2D+fowGxnFuictW4q9z6uFzUjmQouHYKZpQzNHwY2zyiCXRN8dS75oQ3PXEm5l4Gb7897YYD3Bo7mDhw=
2020-02-28 15:03:52,552 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:03:52,552 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:03:52,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81e5af43c9a63d27e98f85c30af4c82d"
2020-02-28 15:03:52,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81e5af43c9a63d27e98f85c30af4c82d and Element was [saml2:Assertion: null]
2020-02-28 15:03:52,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_81e5af43c9a63d27e98f85c30af4c82d"
2020-02-28 15:03:52,552 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _81e5af43c9a63d27e98f85c30af4c82d and Element was [saml2:Assertion: null]
2020-02-28 15:03:52,557 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_8b52124736ed143c6c5293efc05afc89"
    InResponseTo="_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
    IssueInstant="2020-02-28T15:03:52.543Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_81e5af43c9a63d27e98f85c30af4c82d"
        IssueInstant="2020-02-28T15:03:52.543Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_81e5af43c9a63d27e98f85c30af4c82d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>e4DCII5J05Yw5sLoR3njnjAysHh/3abz6ai+0YUM1aIyGgulVigIdN2dX1A4xWCoI1DeNNh+//a1UmUL6Q0gKg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>ZHQJFSR9809YMa9FNHShf1PTZMeOxNI0etBu8UzYd7RVK4zfrUXe/bxxg6P4SDHLmT86pr/Er93vIkdNeWJD53EBVlBe2+dmN3JGfY7+9wyw84XG+IRIbEnu5bLwnlhor3/0P2vOEsfPZy4IJiiXyP3As3skERLDNKkBnTblPgiG66HgjydmI1HecATb9eq30UJjVjFYXlbHhof1IrxNXk8FrVHqDOTWS2eJaPUuBpVgQM22HB+33WX4LZHLx9WeWrDkcC6GjC16y1WNCAPVqwLZBez6szxtEKI35K+G6c8wanyuL1YKqR7QHvWC9ABOhxuDiwzK7ZNWXG1Ll0Waeg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxdgWdfBwtDb0SxVzI5/m1b67jh5GbMRjXTTHAM7UKvZXh/jRIqKPPtW15M5lcq2c8+6DmdzoQNcbuEVy2D+fowGxnFuictW4q9z6uFzUjmQouHYKZpQzNHwY2zyiCXRN8dS75oQ3PXEm5l4Gb7897YYD3Bo7mDhw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
                    NotOnOrAfter="2020-02-28T15:08:52.547Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:03:52.543Z" NotOnOrAfter="2020-02-28T15:08:52.543Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:03:50.234Z" SessionIndex="_40e76ebc91db74a335ffd11d77fa0838">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:03:52,559 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:52,559 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:03:52,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8b52124736ed143c6c5293efc05afc89"
2020-02-28 15:03:52,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8b52124736ed143c6c5293efc05afc89 and Element was [saml2p:Response: null]
2020-02-28 15:03:52,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_8b52124736ed143c6c5293efc05afc89"
2020-02-28 15:03:52,559 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _8b52124736ed143c6c5293efc05afc89 and Element was [saml2p:Response: null]
2020-02-28 15:03:52,572 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:03:52,572 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:03:52,572 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:03:52,573 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15544-FpUdxWL52SFnhy6JPtvQYnCf0E5K4Bph', encoded as 'TST-15544-FpUdxWL52SFnhy6JPtvQYnCf0E5K4Bph'
2020-02-28 15:03:52,575 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_8b52124736ed143c6c5293efc05afc89"
    InResponseTo="_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si"
    IssueInstant="2020-02-28T15:03:52.543Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_8b52124736ed143c6c5293efc05afc89">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>K+OwjeV0TJYwlzDKyH8kbOGJ3n7M36qntG/aPqhBZHrrbkjLkXOzGktsYo1WH9W+jXj/WlbdWnRy28FiKdlRLA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>FLflchrrpecUimpcjZZTiwSGjkGBM9SxzPheM/dliPbSOuCKrV0uGI0Y2gkgZlg5YvJ6JVoAD4GlBMaUsFVl9IUq4dJchFfnqfSEk0KnRomt8Ck1zvufw8ti+Q8BE0MCXnQn2PXCvpm7Cdi9feZFnJtdYhp9Fszb8KDIBRbc5wre2nDSopAjBv27ErU6ayrPGhVhdyVP3c6GZsUhxpKomqXVmaX57HV5ZHQR6xaPvZ5v2O6hrO8bq4OF2QUvpcISsR+zLzPyNuO0HJHmF49Hl4qEgGmxvvBoaDrUYGYkAOGkQFwGBjQWvMXn2mnnmv8Rm6FVV2BlE5fuwT4f6MylGw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_5877a3bdfa38929e9285fdb3b330ef44"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_a7d78a8d202d2ded1a525cb48d1bc058"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Fuae5EKgQ90koWDdiRXjRcUYa3ehcuDghwr3K3O0BGqQLN2MlJiZHt8omxQn+poOO9YlFf43zInWt08r/ttQ+8FKYLnqlppE8XDBZeQpbMZmUl4nKi/KB3BKkKqZLG1s4aFzMBsTbMqEKqJ1Cxp1vDAVdzrmsSlZk9fpsJsrhB3q4fZIgpNfGMcEAYm1kalsZCKsCxD2BVm/aubCK2tL84M+QzlgvB6pU+9mFulX1vgb2FOPo5QVq9fW9j5wYK45QFNNgyhA9dJ4xAN9LXupuNMWsTgIaB5M9UxfLdxOLll5849NqdMa5caMQ+b3zizKm5cFnZaymPg3W9y4OO1Tfg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>XJ9VXPGU5UM5HFvnmYB6+Wir55jFz5EThYtTJTe4oN+7Ur82HZ3Zy7/Iwwd9C/3YtASjWNvjq9fNyQjWs4ZgMfYztTMuAcXNi4R0qrO1ooDgqXDFkO/QyzrL2VJZfHeUyLEiEFIrncpmfXPgBW3XycYo1/xj+Zd/OXOhc4cymenZaBnaIKV/SJoCu2fOenfoKKjCQg+8eO16z5WBdrtfpk1UL6nP7r0m1TlTMxkao/n8zUPCiMV6XL/NrPbK6teavbj4qXymffdTCDlux9ezzxnRY2h9yjnIB3gRvUkA31BLtPdUWmBmEukfKhYgO/p44d2vs1JGqg/vpDeVrPO9K/92hx2heOASYg9mY7asdx5RocP2E7nSv0R8pk9qthrMXz7eypaluMqsZ/GkVhH7B8+2jDPbMBUwDKXR5DwvwG82l8+8fsRgF9mTidaufy7P8k4b28USFLckxIYlYzuhWsZkn32xNi+WGLxH/kKTNfofOQIX7r50iuE76zTJh07C7MP4NO2xStomXRV2USFX3xKrF4EuSJ1lCTDzF+6Rx0yiRGrovybxo05qCRWo5QT7zGsrEa7ABiNYWHQ17UciGhZEpK3SIAXfAjyonoK3LYNoa3F8Fjwui3x8YHrELzu2Zk9tM9mlHxse+lRdru1Z55itX+H0X+BztuwFmgjaqIofqJG+Of97gqlPxrsQOXQVpVXJF6RGQCVLaB9/gKTulLS7n+QpUQx2N7RTJOoRtMzuyQ+5cKqbgZQz/M3bVK8aUFMuAHK9eq9lC06T7enxChaeI4eSQ8ZvJlDjEx8WVjIQ6cSX8VcNrLAYFFiPLSq+zydB9uHF1yauo5QfIkGfwhU7ZZ+vuHU1fzw/Vnc4jt2cnkWBgUCiXaLkTcRk4zjnBz4J4TDrZF0ImHl12SlN6kLI9t34AGZOj0aON6jz8b9qp6SlpSlFrktnaNjPWqdHkjazSMBJKr2q0/fjwoJvrAd6JId3mpqQjWbJo59DsOqYP9rP78tXWlVIQtwAADP1+dGuNIaWQobo9WqcBTzjr/iqBI3ELKjLsSlGk+2j3cifDcEKmIA/u1fQHPcD7GvvzdQ+3edzFlUx0USTXZuIDiLN0yankbx0WRVFlAXf/eFRUirdUHdzXYgH5feHCIZTEx3m8RrZR7h14cwOWizCD3ZMrQJ4KvtbFaunrNRr7HP3U8bJBMRzJ0UDayQTsxBehLxSXAmXS0jbhdMEm0cRWZ6HjbrOQPzsaUAId9zVeTQEuxAm8BCsVxMRcXhLsMxXBmkLrz6p4mJKqc31NVuV/aG6f+YL8JuzMTW7SFvor6yEYcnopcsC+2NyU/ymawHm1HIv5WH0IY5CpvcEBQq0P8yQAGq/WdlLyNfdyYZnWI5He6KouxE37O0egO/QpOxzKZcvKNGtzeXWjbdAZ9EwRhms3di8zn27V2cW+uvqUaRmGFSCwjOF0itTU7O/iVv5mqrdPbFbZiD6lMewHyPO/MVMJ4Mpvhvt/3QcWmHGeUXph82bvbCHegEZ4w7iB0xtH09JCyjTWRXpF/QmYSl615KGk5L10q8+Khu+6vV4bkdGrK1IBEoe/S3do6mL7kEPvsYgVYBAIScGn1pratuDI8TRRqxIDxVPJ1TnHtPi/CdIH/lK06K3xJ2jXgyIrjN8x480iqfOYPrxB8Xgh92f8qgvsbcigpt+jQJbeTaFvDQ/YkvIuka+2mvwUT7B/mIekNvfCxvzJxTRFsRfaZLChluyFOo1+11XLRN9MVIRG/gnDuZaYZqcrgH+hEOz4PV60oGz5qZEpZiiaKoK+dOYcCf9i/4E/fLzHCqL5yeM6K1jtgDZ7mqcRnWbP92gZDta2GtzGMdYqFN1lUgUw4JYTfs2oPTIXKIODFgQgfS8y7/TucCV89dIs51PtGwy7EONMlxshQR2MLLu6uVWPd6vvwiq9Nnh9TU8biPowEdyueTPCwYxYhzK2eQ7Fj4LatzTEtzEpHYMDS0G17juax/WVsmt5enYr5Nj0JjgLOk6YRGyFTFVJ0qIG9uZ9sEJLGEVy8bnukVCtREy2XqThWYsxAiJ+AtFv++pGrjze5xrEvOPIZA3Dyp5xOpwHnXOhat9MD4C3w6Yc2+t3FwI2DBJaWwtr5SXLJCUdoYORnKReAQkWZvENGwiW0R7AuWe8vPjSQW25t6qswK256xVUkCWYqvZr134K4/3g0voRHdDODTt1gKsE9XJqV4ml0yBzWUKAKRYw0GHx3tcSMIwXf4u0buJbw32sZB1UFgk3JBq0iRtlQaA83ienUFuMwNmA0JzdXNJsp8uFXyNLMBolHDh4hSYtibB+gRcQGVS56Op+X93eIhmoZ1Xq0z8/BnJkF40xx/RtB3GijHj2Mp7s9cVhTwQ21Bgpl5Q/HBrUgNAGRWMJu2/0UyMcorfdc0iIOyzJmyJ4Px4yM4AmxPu+GrUbNFFnyGyf/f+aukE8gqINuSbYgu+ufRpQzRg8vNhh52c9EsuzAMcVsOKuTNyghAW2SNCMBIVRN8FfY7cr7McZtj7YAc87tJHOQWl3Y/lFMENWdqbUBGPye/432cAzWi5wjzGilJ/FOdZgn3bUtqrjSDENd9gZdNykRvSYJzDGH3TkKtb5yl+LjFadVSv1PHoZjhZOio4KrHRbTDUvy241GKT/Gw5mlcH5zp3d/0zcDvSnAzADI1xu/SvhTY4MJxseXZf8v5b6/9/155BN8VJvC9AeSBEIGYGMKYOn6Y4iy+MXD6xfsgQYsBldt/cpT+6vGGCexQzA/x2Yybc8FFIK7DuwlEQH5FCH5eizILUlXqvtkGDuWG2Ms9yGM7dSCLtC8tdMUe/ZzVENkUuyW79T5gk/liPk8eGuHJq1O4tRwGaAjF/mxwOPvcPSiOBa6hpDXwr0lVdw21tPwEi66gBV3zqsJnNSP3kboJx3P2DNMU1SV5Yw+L7OOOGDrdZE5XV4Rnl9orSrcwQ8B3HiOdTD3tFR2Dqk2hEKImoN4zAUEzNiImrLzH2bMpW8TGa1mzKAu/BvGGsBv2bWzGGVzI3ItsCSOLXgwsQYcehvgmbo4/icca/iyjJnXEX1RhRZW4n+z7X0uxKrqG7CR6pKgXIldoyUATJdzXluu6EyDvoefySAITojx7OmANL5wT4SBVXl9fYQBayog4GMVSQfVVGFTVs/t4Scc6hFzTzdI0IBXYBkDv+SXnPOih3hvddw//9vCunPrcvUMrAa0PzEErOWSFnYftOrvIbZA7HA1ODVGrU1LMyLXasYvv6Ly04pX1qDRRNhkz51z3KXf4FlV6TQhSZjyvPIp7Rn8eUt+Ho+YcxYnCPccMu9NMxZQyyEJZySibagwODdtOU/lhi0hnhc0cojapNdpWS3nsBQnpAv8qq0KNgxiIDaAKiCRC2388KyuxOue1CR+PTfCBc78NXLPO2S1xuU0A55gUPcvjv63xH+LW/moeZlelbNheBtUCuu53EBS5Az9W1KT3vQh/ncqpoYUa9jBkNP+3WEy53xCTU6D3w/9JtAMHwp8PPNgIVp7QmC1dbQlu5CtBW78nVp92F3M3BHhOT9vwJbVzeh5vlIzmYoRzUebtmjFK9YuN13ZJMXErc72rPYJbXHc8AEZIHO8d1GnNLqXrUPR5xeqKwGY9M9eddwnHJ0Vc1UTH5QvQEaFj19rpuUPpttYnhZdqcay0NjnYVOe7S9mdPw47K/pcd1ylVSvBoZHPjEeDmBHFcjaHzPwPV/taTIcU3MgpPG0aUPpdBhH3Ti9HiBywso8+g7S9B63TvTK1oh1yayfb8GmWN8z1P7dRpJnD1bvY/QJ53avu9K+/fbeWj9KH+j4ECavw31vwGkNPmi0j4Z/jeRp/np65beSBUMbdPCGwZjxfnlxrI4cewOf5xsFccurwXtQ8SLFYfA7s1mQCuO/I77eczkAkvDOV3PT6regR19zDXLxecrwYrJkEq2BDZKXuOu2b0kYx2Dyp3gNIRu59qwcuswImdI8cOg7ndn97y3TbsZaYq4owKljz0Zcqe6HSfKTi+5TvK+LLCOTSsDL3+KZxNM1dSt6Uy09V9PTkGbfM/9KsDfz3abBzzTMla8Rv8mliB+fFLMbCOhztrAwHlFev387VQH/wd88fr7MHJjBQCZ3UK/HOcjOHddoKG3P5KpOP4+5vJdFVFtAEHStHw4s63JML35JG386kSwSj/kG0veFFIscD1pLO9iL8T+kuDqMNegEHJ3XzJt6OgVd8gmVce7KrBZFhb8VpFLSvlOYnxdnx3xrvTTp44NHmH9upPX4Cnc76ncvXycEhnjMM8U1+zKkuD0djRNzj73vDkn6sAjgM5+FSBszN7+i/kDTYgz0xrx2gLELhtx9sTct7iCpti7wz/pfgoYKUrvprdPl5/CV5FcFjCP6KEm/Laak3T8DeelNd8fcawcEkhijXtt28cJUGVQhXzf5bJ6wu4Ao85Y+fuXWZ09mwy0P0AjOAGUva9G6LhFP6Jn6+fIIp3jDX84mxO1CZZRSv+6e2Jp6cQ+U6jrmH+i8W23W/C2DV2rqO1XmqgjfEvHciTUEPD5wj7m10RzQQgVBdyhM1ouvDCuaBxyehJ6aoHrxXGVbp9CWeRBBfnvxpfAA1mz+T5r6WBqHsTCKqcaGSU7bNFDZ4cgG4TmAcWHnQWoEb/gz19+kRrFZWrjqKYXBhNRUwlOMt7i51aFzNWy6ujgB0LzSqo6hfk9SI1v2fabuaC+8wEK9F5wi3LPH6m6Sv236IUCL5A+sk7Z2+OCWAVPFiEIPWyTalOhCfv5ajWgk4+eo2HC/agvV3SKXRc04oe9X7r5dWat3JYrUFzYWbgr4NYBAGXPfKjMk7k2alT7biXdYsexvVMOt22Mtlg57fhBprfnHOz/0H6dqwSwIUYDOSjxAjASmndv/1FbFRZRQ3qvNetX7uAKIl2e/Nm3OXI9fSVHiR0f70wr95IyexsIgJ9zHQuiqqjqpKtlAaM2IrMYAhVUREXedGmAmYgHjXh+NeqS6ck1otkm0gkE6JmVv39NrVuVQLif1cF3we0gY+OQN7QaWfiILNkovlHGdqC0g0LlRCqES3IAfLJqogrMFmlazDzXyQUTXELZkVoSfyB2ojo6ciqL2ctfmU530rYmsSFez/3PdgFU1L/xLV188sxIsf7uJVxJAC1e4QUvnGkd4EQHATQHUrtrKAXwoQ+z4n1XeaAZY1M1tI0rcy7q82Ibj0U8dOaxIU9B0oYoMj35WM0ExWy8ZuMAZK3NVkFP+aQ7U7H0s/WzrETKFEZ+FNwIONAXmIhy5wkFmZDhz+ZHssM84ysnMhyIwxaG9StRcOx+xWJQQsWapHkkR9bMx90KxIy16K2E7xt33/0mKt5vsDTWOHRA9zGGrd0XG9u/vrDCu1QUorozG2wsP0OHmTcv/2pjPZyl0/1NwIIpaNigAtBvnALEn338ByfH5Uj11TPoA3umri4rXqonktn2Jr4/+LtnctgsZUAugObtC60XIgPfU9AxE/QKOAb81H9Lx2Ao2BRvrNjS1BK850r1ehXSuAz18PrRzb0mg7C38h44H6Zo1Wzldah8qlelEBcJ+qny6MDqoM+rdo54m5mnSsLFLOZ7all47s0gfIamSA65ve+hafTm1l0ZYQdf2/CcWHvAc0dyRFfRrPZU92MqO1JfwQlRp3Lk5j+lmeOClbH2EDM7EMB/zY8eCqnDXNOvADH660g6w6tVlT/T7Xe1ZoZDPiaM4cdKHvZA62IXXqPLVgwM0tZD9XPd/e7W3CXSLJeGULsEfRo9n7HznhxmDwHPFJAhsrXYzevC2oKTy/WtxEMacmC8D3I53APTjKjgoAK1XPqD0bW02I7WmJkoyumFwSbl1p6OsCnJPnVQLYN10d450s3nVWiNjw7/DyJYCntXHgRSRPrw4uqBAvPytBtw7poYqlgJhZP2YtyIvPBTUybskPyDsDKGYfipFQJ4bBIDbP87qeAi3bGswMCe/jK7Ai8DoIlcLeH1YBmd6Ob6ZFGM4kLarfOi7ES1TlnMN1oh3jOD9FDotWii6EnZZbolRvgN8u6IjGE998FYKnaa/93QJ/pzf1k/HpyrB+e2JOIQ4OSyVJ3WFzOX4+UETqTKpcMFABu5yDhHtwnAGSEfQhhUZUvYNq1ERBZlRhc6KlZEmX0oOOitpYFrS+4WiGqSkzcRXgNm1ngIjWXUK+RGAW2VQufuxzhu9T8+sIaaiGQIf2bJSedwGBSs9KHmOGDiw/ToVwNQwd19Thg6JZQ5tu0DChqvwJZEDcuh24q8A41b/12PzvopAAGJNcGdMDwKhwWXON930XpTH7QizNyChXIa/otjV5Z3V9IZ8pHm0hJAi0du5ORXTgVz9Hpg6nhvvvlxMtI++sukk/6IJL+Hjtnpqy0H9Z14YLXS1nyvZdbv5LakLQEebwdYpvsdz+FqEs8EHRBZbIt08DSL8KZOMO4wzzOzSspgYT+kPEWYPYI0bZ7N5XA+whYb+sTdDLrc0nhqulZrDnzFWdzDGOhsaSvTGQut3fX/qwxcJv76GDINvI0xGMFfxHn1AalYwRa5Ajnc1FtcrNg6wv5JkZWrQNihcIDHySg3PTpiGjlJbOmKKL/tSKeFuxJRvRYhwTxOD+jXgYH5lUeOGbhOq5NDrovBOfgejAhmwpGD11xNUDS+kcSGyEEe4Q3I008vJhQnRAQk+mmaopeXxDP8lQl2iQvU6CcskHj/jgS3JSgXi+EMDjlixVerh1+DAcVtuHVfX4W81AN/XM8iO8dqTYUuL1D1cNYVWP7hJd0iirNInAKDWcKX+YJn9QmndoDMjUGpIZOmKS/AGDpN94ObIrR/ADCHs1zFyLjLtUAGvfjzbUfzZ1WeagpqtPdQqOSJACZNAayQz9NI1IIQIlxkrf0RDLflojsygSKD932pK0g2vtZoWPuMnBLNnkuOtJx4jxx8lxLiluGbS/BKi9dVk9robgUN2V5aHMHHTiCogGBG+mzFFpJwphRL6ZXthHMT3QGLsDMMgTVf3w+YZiRqlyLQzh79TKE95/Lzy7uWT8rsQw1S9S9TA0MCmPJkPFjCne1uYWnOduw1VB6Tvrvpl5dZiJcYkg3BEzfjAhs3JXWlgypYEu9dx3ZTAB0zNOpHF0ZXIIK8KxSYuAu6/AlPNzIVO0jEIbtMld+kOMrHwaTqjL2mhNW4vlTtvVCfVwVcrgRyOrWUiicgQ4x1xGdT20nVl0JldDYHTa5E8l5+U2ZadmPlFEeZ8GJ7ed/ud4NBaMvQJYy2YCVukAnMGy6h+ULFdSNI+z4SMY1k2ABXS+WxkioGR+t9QWvnXYT7ka20IjznwSDZ8elT8l7QICPvskPTo3iXHzf1gPo2DCi01hwLHLC1SeYQiX7xJBztXs2o3FmR2rlTlOrtPb/8lAx02Whz3YoDE+qoU9xoWFaXaZfTrgT31rf/QGU1BZf1db4NpSldreB9c75eouR7K82ymC6dXvCdC5EgIGxKHyjjD/WkdvK3oU7AQ+6LrnbN3H55QUy0mwIF4jhg8kqbPfmr25xCfQpM8nG7jHcDO1vCqSIkH9egm8dxA8D21xVKBGMxLhzYLavRencyWsG/9f2N+rXI6J9DRX5+57am/lBh3UV10XQLCzxyx5iMvaSp2f0RoBpYzVD1eNO45IjLe9gg+UDmvvRLRyEsWrXZN+R6bMuJZqgQxi/U6cv5nJxT0/vvn9rMoYtjDxEfcrCt8tCrX5LniSB5UoZ1o3/T69vg6cJ4fNQlRWzquGW1gfPj/K69l/LwNlXukxGvIwAtaxEeCizSPL0lS/26ijna0LwYO621VTFq5GeyF9FGlNrcM6uEgRryIloZl9SeFvKR+z19hlOx6tLZOp4HribOTl9rXme8E5Wy2bHzmtogCb+TwU3lwx6wCYA0hqaLkTsSopEi6kDraSHOqhcJ5YBog6j4x4XZSvcmZEYtvGIjVIb2CnjrqHXJ/5rTMtgxYMQ+FUra880rMM41Zw2kJDODRYeMBQHeLf/7ibtPWOb6HPE6lyrJQgNhvxLaD8A5Sw8NLCgFK4R3DlmsH5aQFDGLCHpruVbeFSj9Ps2dRxd5kNFQ3JQDXYN7FBiAEJmgacj0mIpy/zH</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:03:52,575 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:03:52,575 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150352Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_txpcpw8ljktbpqvy3ezsra5rmqkmv4mbgzcl2si|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_8b52124736ed143c6c5293efc05afc89|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxdgWdfBwtDb0SxVzI5/m1b67jh5GbMRjXTTHAM7UKvZXh/jRIqKPPtW15M5lcq2c8+6DmdzoQNcbuEVy2D+fowGxnFuictW4q9z6uFzUjmQouHYKZpQzNHwY2zyiCXRN8dS75oQ3PXEm5l4Gb7897YYD3Bo7mDhw=|_81e5af43c9a63d27e98f85c30af4c82d|
2020-02-28 15:04:16,775 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-15546-OLufhJUbfDXS0Z9p72n9iephKRmcUuq1
2020-02-28 15:04:16,775 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-02-28 15:04:16,776 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-02-28 15:04:16,776 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
    IsPassive="false" IssueInstant="2020-02-28T15:04:15.733Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>3fs+8BiSpm9pecT+MxNls01h5CxhTx3B6D67B49JqB8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
n2AM3MwJ115SsgSMueFpQAvSvA+RBCS20r3DrUbVrZw6HnsR4j5ZCvN5AUQeMyjb58+z+tU7bpRi
CEUpzQoGCMDsZNCSa8hoo3kaBCBRCDZMzSdhPnMafj2geUWKLAWjb+exfhZt+lQRkXZroYpPCPIA
4w7pL9JYdqNSntwfAsfXKQTdDwwhjJh4NTe1cIRhmZgnQEG8sxE7wppw7iBfHpg8lXIXwKHFZbL0
2asUkP1JUNT6lpA3w9VDiMxK+NKEqibM04WiMJaAlaqEM4sf3ApdExxCfV0fGoiwxtOGJ5+99U4k
cjhhjVJN2AoFBxeXnW57uYzY2v8sqpMdv6RjiQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-02-28 15:04:16,781 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:04:16,781 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:04:16,781 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:04:16,782 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:16,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:04:16,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:04:16,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-02-28 15:04:16,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:04:16,782 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc', issue instant '2020-02-28T15:04:15.733Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc and Element was [saml2p:AuthnRequest: null]
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
2020-02-28 15:04:16,783 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:04:16,783 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:04:16,784 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:04:16,784 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:04:16,784 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:04:16,784 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-02-28 15:04:16,785 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:04:16,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:04:16,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:04:16,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:04:16,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:04:16,785 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-02-28 15:04:16,785 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:04:16,785 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:04:16,785 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-02-28 15:04:16,785 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-02-28 15:04:16,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:04:16,788 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:04:16.788Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:04:16,788 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:04:16,789 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:04:16,972 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:04:16,972 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:04:16,972 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:04:17,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2020-02-28 15:04:17,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-02-28 15:04:17,587 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-02-28 15:04:17,587 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:3001/login/callback"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_aac8fdac0cbc3aeb180f" IssueInstant="2020-02-28T15:04:16.847Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">comairbusiamsamplesamlnode</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <samlp:RequestedAuthnContext Comparison="exact" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-02-28 15:04:17,588 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'comairbusiamsamplesamlnode' from origin source
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-02-28 15:04:17,588 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-02-28 15:04:17,589 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer comairbusiamsamplesamlnode
2020-02-28 15:04:17,589 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:17,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-02-28 15:04:17,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:04:17,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-02-28 15:04:17,589 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_aac8fdac0cbc3aeb180f', issue instant '2020-02-28T15:04:16.847Z', entityID 'comairbusiamsamplesamlnode'
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=nVPBbtswDP0VQ%2FdYstttgZCkyBIMC9CtQezt0EshS3QjTJY8UW6zv5%2FsxF0Oaw45GSIfH8nH59ndoTHJC3jUzs5JljJyt5ihaEzLl13Y2x387gBDEmEW%2BZCYk85b7gRq5FY0gDxIXiy%2F3fM8Zbz1LjjpDEk26zl5EkJOayUkk5W8EVBlU1aT5OfYMFZEIGIHG4tB2BBDLGcTlk%2FyaZl94OyWZx%2FT6e2nR5JsT9SftVXaPl%2BeozqCkH8ty%2B1k%2B1CUJFnHTbQVYWi9D6FFTmm%2FU4iJVCuqVUvjArU2QHumnO5AaQ8y0KJ4IMkSEXxfvnIWuwZ8Af5FS%2Fixu%2F9HaJwUZu8w8BvGsvh81pbGkKmE%2FEWO6vJhZ38m6%2BVtxNiYLKRrhPZVh1o0sbA10Jdbp2BGz6jHK36PXJv11hkt%2F1xzxS%2FONyK8j87SbIhoNakHKIc4n1kq5QExSmaMe115EAHmJPgOCB1HO3kL1OC0KGmAw1VOW7mmFV5jf1Y4CBlGlc%2BJVyaKuIP6Gs0vwiSXPXUMb%2BPn1XnVGzV6BlTphcXW%2BXA6zf%2FmWRxz78jxlj3%2FGxd%2FAQ%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=KrtBPS1J%2FUHnUyKohM4CvffYY0dUfKY0A%2FGyS4BsrPGC2AA874kYuoOPXE4cQlk8J7JA3HS5vz%2FQ3dFs9I5KWkXCRbVkVwYgsTMFUm%2BlvBWNiWQb7b%2Fx%2FEr8vc4ahYYlKNHa5WOq%2FPBTtKtMZIVCO787kuSLwa9rHUMKp4q8YOTMiOwuYJRnZ5jUOVPzPOoZjzTMd3dgoejZdlpe6OuKb1iXyPT%2Fm2AxRq8FblPZ6BD8Fm0Ip92iRy%2FMPGtB0lkSTmf1yf2IwI4rhPikAY9ij51E6ZmgZhxNj8Fq5orzxqsTRE0e4sL3sHGnWyfhgy7xGmShsIIlC3gIEsbAlvlddg%3D%3D
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=nVPBbtswDP0VQ%2FdYstttgZCkyBIMC9CtQezt0EshS3QjTJY8UW6zv5%2FsxF0Oaw45GSIfH8nH59ndoTHJC3jUzs5JljJyt5ihaEzLl13Y2x387gBDEmEW%2BZCYk85b7gRq5FY0gDxIXiy%2F3fM8Zbz1LjjpDEk26zl5EkJOayUkk5W8EVBlU1aT5OfYMFZEIGIHG4tB2BBDLGcTlk%2FyaZl94OyWZx%2FT6e2nR5JsT9SftVXaPl%2BeozqCkH8ty%2B1k%2B1CUJFnHTbQVYWi9D6FFTmm%2FU4iJVCuqVUvjArU2QHumnO5AaQ8y0KJ4IMkSEXxfvnIWuwZ8Af5FS%2Fixu%2F9HaJwUZu8w8BvGsvh81pbGkKmE%2FEWO6vJhZ38m6%2BVtxNiYLKRrhPZVh1o0sbA10Jdbp2BGz6jHK36PXJv11hkt%2F1xzxS%2FONyK8j87SbIhoNakHKIc4n1kq5QExSmaMe115EAHmJPgOCB1HO3kL1OC0KGmAw1VOW7mmFV5jf1Y4CBlGlc%2BJVyaKuIP6Gs0vwiSXPXUMb%2BPn1XnVGzV6BlTphcXW%2BXA6zf%2FmWRxz78jxlj3%2FGxd%2FAQ%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: comairbusiamsamplesamlnode
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: comairbusiamsamplesamlnode, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'comairbusiamsamplesamlnode' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2020-02-28 15:04:17,590 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID comairbusiamsamplesamlnode
2020-02-28 15:04:17,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-02-28 15:04:17,591 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-02-28 15:04:17,591 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:3001/login/callback using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-02-28 15:04:17,591 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-02-28 15:04:17,591 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:04:17,592 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-02-28 15:04:17,592 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: comairbusiamsamplesamlnode
2020-02-28 15:04:17,592 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-02-28 15:04:17,592 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-02-28 15:04:17,593 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-02-28T15:04:17.594Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 09090c7785d172abe7f3229291e38a42d4ad0e21961bf30147bd94a3e5bbc9bc
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 09090c7785d172abe7f3229291e38a42d4ad0e21961bf30147bd94a3e5bbc9bc
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-02-28 15:04:17,594 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No active results available, selecting an inactive flow
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-02-28 15:04:17,595 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-02-28 15:04:17,789 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Not a usual scheme, returning name of 'comairbusiamsamplesamlnode'
2020-02-28 15:04:17,789 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:04:17,789 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:04:19,040 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:04:19,040 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:04:19,040 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@49870498::identifier=rick, context=org.apache.velocity.VelocityContext@2fa6db4]
2020-02-28 15:04:19,041 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@49870498::identifier=rick, context=org.apache.velocity.VelocityContext@2fa6db4]
2020-02-28 15:04:19,043 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 3b65d75242b3256e843b3c433e98a5ee6d14326ff808a9f104d17184cdc37ff6 for principal rick
2020-02-28 15:04:19,043 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 3b65d75242b3256e843b3c433e98a5ee6d14326ff808a9f104d17184cdc37ff6
2020-02-28 15:04:19,045 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:04:19,045 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6ac9fefb'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:04:19,046 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:04:19,047 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:04:19,047 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-02-28 15:04:19,229 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-02-28 15:04:19,726 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200228T150419Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1614438259726}'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6ac9fefb'
2020-02-28 15:04:19,726 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:19,727 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:04:19,727 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:04:19,735 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _dfb77da7856f290e64a5a31682b7d232
2020-02-28 15:04:19,735 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _dfb77da7856f290e64a5a31682b7d232 to Response _5bfa66122d42bfb3fc1d0a595621e829
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _dfb77da7856f290e64a5a31682b7d232
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:04:19,735 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:04:19,736 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:04:19,736 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-02-28 15:04:19,736 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-02-28 15:04:19,737 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-02-28 15:04:19,737 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxKvu3dgs6HDgAwkIuc6mZlQdLm6HycBM4DpoFzyfu7BNgPATn418JaFChdngkyRQHF04UtrJj4KPzrp/f2y+dJuUEpXwwx3SbvhI0PXrS7JaTcW7AtVslFDOtYL/45S7LQ09Tfgcr0TB22XA7u/HRNMSEeaHeoZ8= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _dfb77da7856f290e64a5a31682b7d232
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _dfb77da7856f290e64a5a31682b7d232 did not already contain Conditions, one was added
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:09:19.727Z, to Assertion _dfb77da7856f290e64a5a31682b7d232
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _dfb77da7856f290e64a5a31682b7d232 already contained Conditions, nothing was done
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _dfb77da7856f290e64a5a31682b7d232 already contained Conditions, nothing was done
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-02-28 15:04:19,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _dfb77da7856f290e64a5a31682b7d232
2020-02-28 15:04:19,738 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 3b65d75242b3256e843b3c433e98a5ee6d14326ff808a9f104d17184cdc37ff6
2020-02-28 15:04:19,738 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 3b65d75242b3256e843b3c433e98a5ee6d14326ff808a9f104d17184cdc37ff6
2020-02-28 15:04:19,738 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:04:19,738 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxKvu3dgs6HDgAwkIuc6mZlQdLm6HycBM4DpoFzyfu7BNgPATn418JaFChdngkyRQHF04UtrJj4KPzrp/f2y+dJuUEpXwwx3SbvhI0PXrS7JaTcW7AtVslFDOtYL/45S7LQ09Tfgcr0TB22XA7u/HRNMSEeaHeoZ8=
2020-02-28 15:04:19,739 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:04:19,739 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:04:19,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dfb77da7856f290e64a5a31682b7d232"
2020-02-28 15:04:19,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dfb77da7856f290e64a5a31682b7d232 and Element was [saml2:Assertion: null]
2020-02-28 15:04:19,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_dfb77da7856f290e64a5a31682b7d232"
2020-02-28 15:04:19,739 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _dfb77da7856f290e64a5a31682b7d232 and Element was [saml2:Assertion: null]
2020-02-28 15:04:19,741 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_5bfa66122d42bfb3fc1d0a595621e829"
    InResponseTo="_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
    IssueInstant="2020-02-28T15:04:19.727Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_dfb77da7856f290e64a5a31682b7d232"
        IssueInstant="2020-02-28T15:04:19.727Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_dfb77da7856f290e64a5a31682b7d232">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>QtGbz+yjUNuoLo5a0XLwIm5E4abC8/dSsAJ14QSZAlc/JqfSi/tFRY2KxDL+V9bABkBrZ81eDZTQcSOBE/+rpw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hOIHX+I0wDBFSfTK+l8QDLtaen8wte18ZDZARmuHpnf02c6KsUdv2biDdOFsA5QROnfSnX8A3XdQvFa0IXvqe2Xs6M3Xsw7XjjB0ceNDvUO8hfngBIVpV0fLBKJt3VgyLRyn540Zd8cSXST1yae9sfNX3kDuk+mQFQZiKH2BI7UvVnSM+AxZWJx6UeTyZkSRmcbWdr6Hy3eAa/xeVGvFQJY1jMcn0ac1XFgbqSZczKihrrntnATtD1KbvQp8A1w5pYQpGUOPSK4b5J2oZ8clwjtm0vR4NTRb8HKv95tK4Y+fuFDFAeob1uDlF5q/J3bk2fS77MspbXLqMkwfvXcnUA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxKvu3dgs6HDgAwkIuc6mZlQdLm6HycBM4DpoFzyfu7BNgPATn418JaFChdngkyRQHF04UtrJj4KPzrp/f2y+dJuUEpXwwx3SbvhI0PXrS7JaTcW7AtVslFDOtYL/45S7LQ09Tfgcr0TB22XA7u/HRNMSEeaHeoZ8=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
                    NotOnOrAfter="2020-02-28T15:09:19.737Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:04:19.727Z" NotOnOrAfter="2020-02-28T15:09:19.727Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-02-28T15:04:19.043Z" SessionIndex="_31fe13e46ee3bbf095ffe35d2ae7fe5a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-02-28 15:04:19,743 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:04:19,743 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-02-28 15:04:19,743 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5bfa66122d42bfb3fc1d0a595621e829"
2020-02-28 15:04:19,743 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5bfa66122d42bfb3fc1d0a595621e829 and Element was [saml2p:Response: null]
2020-02-28 15:04:19,743 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5bfa66122d42bfb3fc1d0a595621e829"
2020-02-28 15:04:19,743 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5bfa66122d42bfb3fc1d0a595621e829 and Element was [saml2p:Response: null]
2020-02-28 15:04:19,745 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:04:19,745 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-02-28 15:04:19,745 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:04:19,746 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-15546-OLufhJUbfDXS0Z9p72n9iephKRmcUuq1', encoded as 'TST-15546-OLufhJUbfDXS0Z9p72n9iephKRmcUuq1'
2020-02-28 15:04:19,747 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_5bfa66122d42bfb3fc1d0a595621e829"
    InResponseTo="_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc"
    IssueInstant="2020-02-28T15:04:19.727Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_5bfa66122d42bfb3fc1d0a595621e829">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>pOw7iE/uJTKoykCwp9jRebjLQI/AEztvIqX43dRHg086qYeGBMwOIBhaMxgy7s4Q1bVWPyhM7g0ORvBLgAqgPg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hkaWyU29HI26lSahXPdYWf0Zl5CO7POSARyQMVa8Zha6GdvTi1l7UDzNT9UaNyGCrCVIKdwMnUegsDvwXcewP5J5Gu//jrMX5IgIYhjwUfBPzGLkP7dp4Vexyu6KX1uHfDJJqhspny1SuI/agkfxDCVbMKeDzas3JgWno7/GWtFC+vF4cyUzFcZcKRaJnsQsP7YtsqcD35miPfdujOZgLQIOe1DOVa5XTBJAGvfHo1bVNaed+BxsSqQb3UIyGaKlvQnpxtoqT1iDX0/1snwagz6ZFFlC5XBZFNMq3LsVvAyflDV8Ry4gxjXbLkM6gDHrbuUIFACYo/Fkck4BrXN2aw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_998f183840217b7c2872ee8fd2c0302b"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5f13fdb71230a5035285e6df76d6852b"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>MABNBhjWRouUKuOxA2Ww3+z2lA6/KWIVvTTlh9groZ3hbxzOgsbKeEJF66O6Nkodzql9nvPQTSlT8ayPoTIQ2OLLyBRMSeXTdQQ4acpp+h4iuo3tDxsm0kTI32tfGu1OAh2dnpkvF6U9aLkUiu9wBOa+UgIBPJFzQbZplqWuyhm9j4TXFo1NriaSWi592yghnbdYWI1pV8MpdpDrE1KyWD1q3jBUHftPR87zJDbOw4AmpSmJ94P7HelGqsn1pldA2FmuXlxIQdpPOFaHxOORDAHCn5fT9qmzCYd3J6HTM9UAbdj3S3ZA/5Zy7eBwTsx5RKT6XysFmDJWRZVsWUytUQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>haPvDa66K0Ofsohu8yOpH42W7c9BYmKE7WPQuri+SSZAXSl1dq9edvQ8ZVi0en3IPGUOrE28HfJUgi0LmEJFfCCO3XF8tgdinoVlWgspDjBFms73sWJ1yqZbZx2dgfeWAdsTvCo/aqOirqb3s/fQfwnB9KaIHXZGiUGxhwWoPR032PjlZHLmpns5sAlMaH3MxzEcmzHO+ovcO7LDKAF9L6Yx3UZ2v7vTXM5cSdqgoZWHt/nkL/9ITmFrCPfJA30Cwk8bkOW/Mo9TC5yeyS1eCkSo2vbyf1hr5dDARTmDj7RjcdHg1/gbE1wYwKghWV0XNB1eV9iatrSg2syFnuY8omVN2tly2yTU0Fn7lOzV1l0C6qMYG8jxnRQutxOZf1s+JnFfvq5SeT7NSivV+FMnHMh6KHK7hUln5itpZRcpmlUrvjI3y46jEjB+V6v2xeTC0vYA7NAjvm+14JAsOMrPvtbmRTyXUKFKZ27tbXpumrYRspQi0q+itqfW1LjrIqGXkRMPSkOzhDOABJzpiiRJg5K/HlsnIK2QID7rulRHLaeOus1acJtOCdtI9e7YjdtwtPdgV+CvnWuTW4ivDrZ2x7UyiGLdlHkm9csSoYSA+J/Ntkr4Rs1ewwpLTJiZKjVicmAQBfpHZHe8lkMnH/4GdG4OG2e33D/ABZlTjYbTPN8wRQ7FjbiC2nJ9KeJRH6MtVUOPzoPn6fCysWf+MU6i3rIQY2TdXZKMigPH0/P/jVfdV7+isMjQs1RRHtzwxohr3ygqKNSCJS1WnRzZXxTCt9H5MjL3C3jJ7Q4x3gx2I3/IPOtLZ900GRHcGiowR2wbVFidxMjHX1TOxIXFOWcXf4qPk5AN/nA3iY5bEn8wncKzpLw3q8VOMkUVwt/PapDvSKdLvumSH1bZ7CbU4vd03qxpUeVKWrq7X86G8YPdeEiXsvIpXJLjpzWZ5iwjBrEHMSwrF/UVFzbp4TFEeNBQKki8UxnVDrbBcvfc7k7yoLdWOihT/nfTe4PA2i71P3gIcjv3IyojcgVvG/veh1kNrSteZSigt2rtOwdXKgPrB8KLe3Qb2KlL2ASIW5RK8SrAlVOK1lZWXWPI08gTb5pERVLa2XA7cFBROa/oW62ADBM5npis1inoINabCeTTA5a5Qq0Ar/kkhc47gBBPPxUEyxyCYUhjXSNsmxx0z4rh2uoh1/NelnWre6u0asxLPdr6fkt2fI6/MFvIq4PQ7paMzuxWyTu/U8P7ral7OLAihTuah6RuOMD26qXRrC4zEtvtPgiAMhflS0VuCkVFv24o+d3KXAaplaQv2KENG31XNDRCAIvU+YutbroMNmiDh+gbLvL62s+o+fn8Cx+6la7eLoedb2i0eA7S/VPkMeq+eakZM9IOoyJLMP8KmbkbIoGn5/R6YTj+UMCahPR7icBWIUDZVi8nM5qVbAXbNaotu66/uMbY9AJFigcxpZSF2sRKIzF61CpSgL9Xv1kRqjv3SH+rEPj9mxOIfYCGSTBQNDMZ/BtN91OUizB3OwGXea9rC/KAXta5JEgOdThId0OYbsCcwqQ7Yhew7YU9mHrI4t1QEZBhKi+QwG6pUbLH/+eJmRn3ltzIdofjfEjW4M/lkbtsKhndOd8iTr9EpiurREZqL8qA0rNs9njSmfeJR1qdSWCJ0ntRsICb39+kNuJMuNgsuuSBVC0z1SEjCRo4oeo4ob1ml9cFLlSmdw7HTnWvjxCwcFuJO7rW9HxHQ2ZJnP2SBLPudOnZ1G/7lPogZku6jeiF7mKoZeX0BKxq8x85uYZ0kSbDVUVhnit733tVqoC+ZkrMaJs59J8fK8NSaRrka1tua3ZIiFrTquK8SfEdbpkQS/Aq+zCLMieBeyR5VSm9CBYEL40bNYGIa8zbRAVLM5ksJ9V1aVR/lH+z8M5rKNQev16GKMIp3Yb8ciiqgt2WHpNNgR9N3COq5KZJeuTOgbKUzcgFmHAVxR/rOV/GWhMdjPvpLs14O7bhHGWA3GDqO4G++7l8sJpImLURtzntkwo9h/PdFrsKt00yK5CJBM2LBBodle/H5LjuUTuElzrNw5UaIvzzbQtZmev9Pn2gHKbTozJyKfxsIzmzdeH/bqojA67atcbXTGpZjKbJDaLkOjkzbRUuk6CVXJdmXJMZGQhZ1sfvJ20ObNVquGnQHOxpDSmbQF/rbOZl4ByxSbcB86Pg/V8V1/pqXnUVusQcoR4+FIRscZGRR71mYrQRurzFsWO0OH1XRkH/jDia2aXosTkELBiqDDDNTJf9+srHVEw3V6a6wuqhUOhNR7/CF9Pba32B5w2oCn5Ncvc15JJQ1wmBGVlVwyfMpbSqcjvh/MXDvL7yWEjFmWeS9Nt7JMQwVS66ga9SmSonpOGQ6enwbFC8Sy2HSLuJoTxr3zxZovAezBjqCcK0If/fBYGsvSEUoywbLSOJyOWyESQDlFw5RH0/srtLvy7VGp0ct37MzLfNqfddohB0PFgd782bMiuhnryPXXu0fKDZQVTTmvvvQl+j4E5+UlveaDUfqEWDGDPXlD4vDZK4noR9giUDOQT8xUqGQu6bEU/2BbsXXaRCkLBvRwagWF2fjgrjrsLF1rd694anjby23hCL2fBTd+akWt6jPo+CHdXDB+TyrIKS7l5HYPRNKHmMgwQ6tifS9uWGoI1lmxl2TfhtKkMrYS2C1kmWKr6akjnZW+MZGGSyLzKu2SUhfMS70FtWn5kcwAU5ev4aSWWDjaMK0Zedhqruge9rFayB3eN0fDgkSxiaGnQ3Yix73U3KinJxUSq1JXtwUoqnapTEH+tOBsdT+cRSs71zkbRHsCnk0BqOypeY+gNKFXZygqj1cqdN/BFphPlWBwgkDP4zKYpMxIIVKgSEdcK0+ADuQ1O31MMAAGhf2KZr6rKuqt/QPZBpWEUdvNE89oXsJ1706k52WSVT5YuivkRpa6gBrZ9byG0P8vltNSnaWGVsnCNOUWnd4OQM3hdGxhR7fP6Zqq8Kjr7dlnNiIwD/+N3JJWhlG7veMGnTg/FPSH8YDLhfh/WSBM8dQEeKNgeVUa4vSZbyEFtT/rtGweOe3ELJ4mGjSb7V+UoXEeuBdwKfWFDyksDDvmgbvybrCqOLJR8zedcklaEibVKFYoskMEqW21n/iAo6BFd5L+MKmr3pB9td9TuO7T0AU+Z7tkeQPQgQ9sXlQ6pPGtyVBzDMaW2X4pxyD93aOtWA2LmRp9euzqWH4YFbCW3j9ygM6JDz3BfQDwtQ43Fbumjc2wnIb4zhCpGMbnDyKzS/hNL3xPeaOSTfKl4bVG/0XC0QX3BSsISlkyXVR0422eZobKhGPOxrzgveMwzo/M4rIPiB2Ais2AYVV876IlZ1P3kgFad0mw5rclXp72Pj+qDKPGj/yFHNvuVGOUeo2QgwGjtksmXt8l/8EyKidn9CERDzhHLu3kZMQZrbrsQCW9uqhj0ZxiieYHQ5MVAa0RTJ1SoE8RD739/81ucbiBJKUwLEKOPK1G89p8yHCCB80fpZaJTA5leBf9w/AexUSfCaBFx1YV64PpmPB1GfDt8OK17x9UTojxtGX7AtI0AzPtQk4X4JoO0XtUEjyIDaDgKrByDZ/dtFkXe6onl2Jv/k98PHYBeLQ4QCwMzazNkXbii73GbS3JaHdg+TDkksxV7PHpjMDa0P6o3UIndY7Yg7G9YCH0vaXiMD+s6O7x7qU9il/lE3l9ZC8k6hT6GgwOYb/92JZcYgKDOI5wJh95Jsq8iKoZoUqJI8oTq0r0ACwGc0jgNYKz7LIX4+Z3QmYbveG/NkYKqnNcbmxSvJ+bd1QEVZcO4/+wgw+89RE0uluHj/9Q5KEkW1OUM4IRiySpJZL9ae68ZlGg53e/jIlxPNd3PjtfHXRi8jxckJim9gpB6QcEFzqhkSDNYKuj4WJwbfMEsv78lIFmvN2I05xkXetjV+9+RsI1LwwoiSfSaPkFWnDSt2JKR2Q+UTkWUWVdeyGkygVwPVzZ8bCq7rSDXOnNP+8oigvRzJwY2cLF6Zr+0ryv1+ZwFfnBumYzq+lWOy5kzF7wWZIOU+6XiqyF2YRUiMzR3S3dkzUeZ2ToztL2YnOtkXdDa7QAIw7kxdhWC1ZQHPFOZ8MqtrlGOlOb8RlyYYGpRuxLXPWDUmEzxY+VLZk5FS7DyuQHg9KQoFOAD4r4LPY0E6KyyOz6eBuBEt43eXsswfDyS6pNVBvlDuYjyROodlMcsMQbQdHDDSB0kkuCmNZKQgV6HhYSblc+YqaYZCQ0Z+AMwz1hK7lMMvpU43YRtUcauw4S1awYrSSyBGGxcZjR6qNYueaG8yt0QiviiHEz8jhpA7RLVOz8oRy3P83QB/t0tWabLvfSMuXpmwwTojXdWxrql7iEq6UcCRQKsqAR0kLH0fEvSj4pr11l8TqZJHURfOUFu74TokUxRJuup1sc4UiGMUXpfPChrlpz+SuGGOjRohTs3KXUT2P0Ubj/315Bb8QJ36W6Gl276usmXBU8q7eCS+h3BXDGOK4pHBcGtB65lsDtpavrhzLCpJQ64Ln+vrRAr4B3YiwBwVwcLNvWd/qfWYsOFTWeVgTj/cMbhl4UIh4sl8v+/RpA/wvqJf+aJIS+Oq9qjebBtXB7qa2VLMXTgjEfuFTGiSPq9x2C5QVZmqXWdMFWYEV6de6/VMzDS4YyjRfXFSlQgdm6YJUcupna0v96irLpR6LOvJfVLd238hu0gilGzhAQdfmFiPnOfpdv4rkY75kH9a0eTSnKHioz7XvqeGYxaWcutpDGBOC8JrTDQggV2ansVqIgQkKWwXLANHla2YitrGHYOgdpqB7SQ7EMQafxDw0vuAgK4I35IIjJkzuX1qlWW05QRyxibwEprkpzB9WiSmconmhcHq9H40pqFzcm6qHrR/JJp8ub3yOi0LUmKj72Lz1XKdZXU4siEeAzxtFE6HIfBp190AXvF2Cu6zu1ICz2AR+QODzKEuuQibx60SrVaIo7NQMQrtaaf+ZDatAQb+nG/LJQrS18Qfi9TQ8+4KUYalD6b81KHhKJ9Lq1q4/NZLn737OgrQGRkL/ekhYzKNJgdqDy88yNik0pAD9phvbE1bw1CyYcnH1KSBZ6Ly4schTUeBSA84ba2to26/tBDfyDADV0tF7Q4TCFnFtdcoYyADv8H/ETYooGVFGmvlRd4ppa0NMYZsC9ATEtLbLM5gph1zS9osxraafbHROHVE7Y5UU7lGxtG99jbjA6VL4zNN/yOKdby0UDSYxP/cw5De/zV27K65dQNJWOn8Q4JNqwgsAPNrXimiCFo/NpFgLjBkw4FLETA/EosxiY3sc7QPlchoVGNDEFqxF+aMNyhdHlqA53IYgNE+tglDa2r/EHzMkplY6OVt4fzdocJC4jhObnpkrLJaaD/ANwGcWs7pDCrYA1Rqmoso3ubTuC/6Zx0z4VAnPEDAxc7/a14wgb63zfD/U+UV4jqhPnUcOVGpCY0HG5iUyT0TRQQ7gUnJ002A9O0/ghUZWOhV/tKVfxJr9jbWfplQByFgNpPmlCt55tpygCZrSONIuVwFLfu57h8KcmVst4tnuZBalzasE+8OgnkQ9Xjmcz6tg/xt69EwFFuryjwyH64gDjY/oUfyvmQjFp+xFV1ot8sEaedzdr44G72jCNyvfKpq3ZEfyhShC2LI1Kg8mp7n/uTNpbG2b8tS9J5zE70X2IOQI6vuwFaqdAKQ+9CekqLwA48huy1Z0Dm0deQCavjoZxVSWpZ8hyE6xhORt7Tr4bL++tKbL0xi5gBtRynLAb9R8EC/LJAE25tGxv3l1yacRzuv/JXpsEraZkiFUKMcZs+CFK6TQoU3osJ3TiTehfzUEtoQ6WLgYr/nslewG/uO7sG2hLBEZpjycX3F0vITAynbs4zTGHplOn/AS5ZlH0D3Jb6jxz4a5L1sAr59e5wHWNahXErV09NNmYtp848YHslg8wUBb0CRP2bg4mMgLCwfGOhJFcSd1zIiMS6e1Bx5WZ9fRZhpvX8BOZFLCt/s0IbBWLcKn1HhV7ce2OoFpItsmk2vTxE+mjW8Yhco47kTCFCVKj1OvEPDCM9NOHHSjmae5LiHBbadN+0z9ta+mH3y2H6cG3rUBKiG6PiI36Kq2dUUrT8VnNs5zx9vWUSRi1fE47ynPRsEL5Q1V1uS08o9sqPqvtrM7EQT8fOVfbCeUD+4bt5tdjwAwWt2+zhmDxWLOYy3w2whzYlg4WDCFpo8mtm9Fshk4u9o6iMH+UL8midSrWbKaknN5p6jOa2i4RGs0MjNSfNo3ztSiKp10px+nu54JgRdMh/EzkbHJKG3EIysWhYX3jbhXThrWdXcGWaqpagi/7lF3KXaOsowmMO8TeOC3M9Hiwz2HDPf+O0tEktidYXqWK+4C5Y9KUENicaPKSxF/hP9eGUWEHU510ATByX795Rt2K5WGoBpTs8nIwP/qOgzogXIsrLrhCOF1WY03mNOA07XnEpF9j3XLJ5Yl7cLwvY5eAM4rmY721wRYtEKboYXnIHHeY62IR8qzLGSfFfYvyG6BNCNJ1FAkBQUiKSzwNR/b9dFWm+nR/tS2MWuLOjL0nJc3FfGWWcBEX2Ekf/kgXEG4VOiD3TgQmaAqSBhwGzxM8sqyMolCRE213307mMePK8RP+pvErMV5FI6MoFjGanAmP/hK6DtYo3MnX8NON8OQcF40gsGfbGmO/Kzy2oLwSUEwPi4f5hnOd/eBl7DRb9bBwFVenxtkPYQ+0/TCw3gEmWB0Yq9Wvl9/C3W8KB+ziBrDgzUOwKGg8sLmt8pCiYfnNald9AUromkR3Dcka9/TmZv9Guo/C7ugPcMNlel5G6De9BggO8BVVSejLwmryqWcdRchd+MALfo5xpMbPyP3aqVJbuRafuHmRivDB+L3IarjzLgBPVo6DocDQrAvtOUHTAI+PyxeCG2r7SYqb9OzKqwt1gB/0Z93SEkF+gHOj2OmfqyxcYC+5oEIKTkG5Qr2ipHoYGM9FJ+KU1qarwrKFdfnB/2GegB1mwKfx8KZt/zFUifivZQQcl0M/+YYVDZP9TrrX8STzjnn6fjgw36F2Qc9T3IwlM6jz+PyDIaIm0dMZnuJUIByQH++hYnuRfdac15EBicXyy+ArMvrsaF6VIFaSdkgV4iX0Y1nFzDkzLCaojihKES5HTCFyaiK7enVuhA/PQT2E7kzbCfOcJKI7smHBQbsKspUyVOfBnNnkA7rPEOPlgmpYSZAMVAX/Evbm/A187EuBiQYr4vDvuPmW5Pa48jbClSBwYMd0b58++ZindB6ApN99cwLRmUp5Sn1G2VchPryjjxTiQX2Yj5JIddw0z2BhB1pGu20ToPxfdBYjKJRUKGSBGpZAraiOxLPRg5bhw7ikopZhDgXXRWi6T5bvNw0l+1tsIEBYIMKDYNWzZyRZAdXW0uokqkXzZtYx9HJ6Ik/ibABfqVs4usXD5YG2xusnqg/Ty3j4I+mVOehhILq5yTTM6x6wxMnC2wuIY1nwWSvk/uSMuOZEUfFTsncQDAx1ZnNjcfbuYiS/QKXLQAkcjBKK1y6VhAF/U0hAGVq1TCQ58e1rH0UFkt29/zjDEJdmnLgjw/vQbaXAZHUemgt4SowxdFT9SjbLmsbRD80H2LNJ09HOzRkNQf9FUuoMJ6lkZmgP+JE4ZU8U1Tb+TWh93c1qEiJo9XsDRFjP7BzGPYyxDVYatDGjWwV7tdkhLMluOyqW+V2G68cCG7QzgvDAb4p5E5Z//hpZcG+9+BTC1nHc2e63IaX8+ZERo7E7AYIyz0xkgkw1rtLzA7DXmIOegmrU/rABVwYZwowlE++7wA2PKqtEWSaTd7GGBeW6Tp0fFW2+PaMxQdnNFapvIaHiaCJRMR7l4lSfc/oJ5GCq3B0WD+OOdxKFcJgoDz8UgySKsbQIdX4aYbvyKlQ5wax1SwaxZ3mEgNBIIIVRZoI5Wl3L3L8aEjmQrHV7/pKDZm6tjgmiHeKfI4LNqjC5RKea1DG6aTqMbymwEXwToyfYQaauHMn4pmy295m7C7W2Xc+8+SStmImSoySU80x4Pbbrj95xymB7ZBwqX9yQ0cxu4P7vCRmtA2MMPb66O/XOaRuYOsLGrg+UCQ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-02-28 15:04:19,747 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-02-28 15:04:19,747 - INFO [Shibboleth-Audit.SSO:?] - 20200228T150419Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_yxeo25zo3qipchxjoiqelpqzzvubzbydijlrnqc|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_5bfa66122d42bfb3fc1d0a595621e829|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxKvu3dgs6HDgAwkIuc6mZlQdLm6HycBM4DpoFzyfu7BNgPATn418JaFChdngkyRQHF04UtrJj4KPzrp/f2y+dJuUEpXwwx3SbvhI0PXrS7JaTcW7AtVslFDOtYL/45S7LQ09Tfgcr0TB22XA7u/HRNMSEeaHeoZ8=|_dfb77da7856f290e64a5a31682b7d232|
2020-02-28 15:04:24,310 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-02-28 15:04:24,310 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-02-28 15:04:24,310 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@786764031::identifier=rick, context=org.apache.velocity.VelocityContext@326d345b]
2020-02-28 15:04:24,311 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@786764031::identifier=rick, context=org.apache.velocity.VelocityContext@326d345b]
2020-02-28 15:04:24,313 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d59e16a30c43352572179bdde0106eb4dfc6a7e05732dcbbbef9a7922c33511a for principal rick
2020-02-28 15:04:24,313 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d59e16a30c43352572179bdde0106eb4dfc6a7e05732dcbbbef9a7922c33511a
2020-02-28 15:04:24,314 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-02-28 15:04:24,315 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1da595d6'
2020-02-28 15:04:24,316 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:04:24,316 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:comairbusiamsamplesamlnode'
2020-02-28 15:04:24,316 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@70accd95' with context 'intercept/attribute-release' and key 'rick:comairbusiamsamplesamlnode'
2020-02-28 15:04:24,317 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:comairbusiamsamplesamlnode' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1612446330317' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1da595d6'
2020-02-28 15:04:24,318 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-02-28 15:04:24,318 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-02-28 15:04:24,319 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-02-28 15:04:24,322 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-02-28 15:04:24,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _eeef9effd7ab7c31d2838350024c4ccd
2020-02-28 15:04:24,322 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _eeef9effd7ab7c31d2838350024c4ccd to Response _d6e2d9d47a02fd3dcead9bc177995917
2020-02-28 15:04:24,322 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _eeef9effd7ab7c31d2838350024c4ccd
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-02-28 15:04:24,323 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-02-28 15:04:24,325 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.46.7
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _aac8fdac0cbc3aeb180f
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:3001/login/callback
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _eeef9effd7ab7c31d2838350024c4ccd
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _eeef9effd7ab7c31d2838350024c4ccd did not already contain Conditions, one was added
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-02-28T15:09:24.318Z, to Assertion _eeef9effd7ab7c31d2838350024c4ccd
2020-02-28 15:04:24,325 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _eeef9effd7ab7c31d2838350024c4ccd already contained Conditions, nothing was done
2020-02-28 15:04:24,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-02-28 15:04:24,326 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _eeef9effd7ab7c31d2838350024c4ccd already contained Conditions, nothing was done
2020-02-28 15:04:24,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-02-28 15:04:24,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding comairbusiamsamplesamlnode as an Audience of the AudienceRestriction
2020-02-28 15:04:24,326 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _eeef9effd7ab7c31d2838350024c4ccd
2020-02-28 15:04:24,328 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party comairbusiamsamplesamlnode to existing session d59e16a30c43352572179bdde0106eb4dfc6a7e05732dcbbbef9a7922c33511a
2020-02-28 15:04:24,328 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service comairbusiamsamplesamlnode in session d59e16a30c43352572179bdde0106eb4dfc6a7e05732dcbbbef9a7922c33511a
2020-02-28 15:04:24,328 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-02-28 15:04:24,329 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID comairbusiamsamplesamlnode and key rsanchez@samltest.id
2020-02-28 15:04:24,329 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-02-28 15:04:24,329 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-02-28 15:04:24,330 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_eeef9effd7ab7c31d2838350024c4ccd"
2020-02-28 15:04:24,330 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _eeef9effd7ab7c31d2838350024c4ccd and Element was [saml2:Assertion: null]
2020-02-28 15:04:24,330 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_eeef9effd7ab7c31d2838350024c4ccd"
2020-02-28 15:04:24,330 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _eeef9effd7ab7c31d2838350024c4ccd and Element was [saml2:Assertion: null]
2020-02-28 15:04:24,333 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-02-28 15:04:24,335 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:3001/login/callback
2020-02-28 15:04:24,335 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:3001/login/callback
2020-02-28 15:04:24,335 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6e2d9d47a02fd3dcead9bc177995917"
2020-02-28 15:04:24,335 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6e2d9d47a02fd3dcead9bc177995917 and Element was [saml2p:Response: null]
2020-02-28 15:04:24,335 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d6e2d9d47a02fd3dcead9bc177995917"
2020-02-28 15:04:24,335 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d6e2d9d47a02fd3dcead9bc177995917 and Element was [saml2p:Response: null]
2020-02-28 15:04:24,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-02-28 15:04:24,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:3001/login/callback' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;3001&#x2f;login&#x2f;callback'
2020-02-28 15:04:24,338 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-02-28 15:04:24,340 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://localhost:3001/login/callback"
    ID="_d6e2d9d47a02fd3dcead9bc177995917"
    InResponseTo="_aac8fdac0cbc3aeb180f"
    IssueInstant="2020-02-28T15:04:24.318Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_d6e2d9d47a02fd3dcead9bc177995917">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>ZjVn8j9l/nJfQLc9mwl28oB3lPNl1uRNDhxWWUXTmms=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>S/MDyYBXIA5dMSTC1kaNyqL1vFWJ/X+fr8GdHndH3GdHoigZOn3VyrElPrvazLAFS7XVgkD1+awcAMNYIhCXxPnDkegMz8dL+dVRtKbm4REV3TUWlKyDJY+R1WSKpJhsZcE9oLdH7SNPgn9sr0bUSyQ+hBnl8s+ijJQZR9N//x36NMP7MdUADrPd7gjn7dmmeAawPjHWv6Q2TANZxSD04RQfhJmn//L26vB0c+mvfuCAPSIaXA2wCyC4ToXXvDjUQWZtIiJhufLLrAHwx/09jK5kYs9vvTQ9112xddh/nlE6Yf5t3FJBMi/OEjScOB40V/cvd7cIlvdKqvNQlG6E6A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_eeef9effd7ab7c31d2838350024c4ccd"
        IssueInstant="2020-02-28T15:04:24.318Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_eeef9effd7ab7c31d2838350024c4ccd">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>+SjrtUT3Rcgb3m3NeWndT90JbaBxl7TEPxacWLwvl8w=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>I+KppFnPECAdtWzIW+YkWaSi1CgNmTMUBweaPKBIS6Y1Oy0Jb+9NrlMPTpqBcg2kpQ+vl0KFfFgqthZst2zG6DHPTVwv60yVP1VQBzzJ7ljqLFYuBNVLAGSO5v63Z+2g6EtTiP0rf4tmHBrQomJRiRbmueWAy3Nw4Ry82ik2V1KCK4BCVSAwfYMvzq4VAx5FQvUmLb3dC/ZzVjOQqA3+oX+ymzMoEy5MgPwo9FPh6Z74wWRjnAuwiyIVkL+uNa+bPRkYOOfX6ii6dKXVdIVMLsyfJpWDAe+C6X247TDbtrQREJHma2UR2i31AnlwR8RTk4uSLB0Z3NMnpMCCJGnlEg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="comairbusiamsamplesamlnode" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.46.7"
                    InResponseTo="_aac8fdac0cbc3aeb180f"
                    NotOnOrAfter="2020-02-28T15:09:24.325Z" Recipient="https://localhost:3001/login/callback"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-02-28T15:04:24.318Z" NotOnOrAfter="2020-02-28T15:09:24.318Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>comairbusiamsamplesamlnode</saml2:Audience>
            </saml2:AudienceRestriction>