2020-05-25 11:00:40,732 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY4OGM3YTk4LTllNzYtMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:40,732 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:40,732 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:40,732 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-f88c7a98-9e76-11ea-8002-81d9d263515d"
    IssueInstant="2020-05-25T11:00:40.150Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:40,745 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://127.0.0.1:8193/saml/sp' from origin source
2020-05-25 11:00:40,745 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:40,745 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:40,745 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:40,745 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:40,746 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:40,746 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:40,746 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:40,746 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:40,747 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f88c7a98-9e76-11ea-8002-81d9d263515d', issue instant '2020-05-25T11:00:40.150Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:40,747 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:40,748 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:40,748 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:40,749 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:40,749 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:40,749 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:40,749 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:40,754 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:40.755Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:40.755Z
2020-05-25 11:00:40,755 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,762 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:40,763 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,764 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:40,772 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@137ae02b'
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:40,773 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:40,774 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:40,774 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:40,774 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:40,774 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:40,774 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:40,775 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:40,775 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@137ae02b'
2020-05-25 11:00:40,775 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:40,776 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:40,777 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:40,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:40,778 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _def17ff07cd774a0db2e69fc0381b7c2
2020-05-25 11:00:40,778 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _def17ff07cd774a0db2e69fc0381b7c2 to Response _fe426a4a07f5e2c6489bcb0e77cee5ae
2020-05-25 11:00:40,779 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _def17ff07cd774a0db2e69fc0381b7c2
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:40,780 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:40,782 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-f88c7a98-9e76-11ea-8002-81d9d263515d
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:40,782 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _def17ff07cd774a0db2e69fc0381b7c2
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _def17ff07cd774a0db2e69fc0381b7c2 did not already contain Conditions, one was added
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:40.776Z, to Assertion _def17ff07cd774a0db2e69fc0381b7c2
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _def17ff07cd774a0db2e69fc0381b7c2 already contained Conditions, nothing was done
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _def17ff07cd774a0db2e69fc0381b7c2 already contained Conditions, nothing was done
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:40,783 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _def17ff07cd774a0db2e69fc0381b7c2
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:40,786 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:40,795 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:40,796 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:40,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_def17ff07cd774a0db2e69fc0381b7c2"
2020-05-25 11:00:40,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _def17ff07cd774a0db2e69fc0381b7c2 and Element was [saml2:Assertion: null]
2020-05-25 11:00:40,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_def17ff07cd774a0db2e69fc0381b7c2"
2020-05-25 11:00:40,797 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _def17ff07cd774a0db2e69fc0381b7c2 and Element was [saml2:Assertion: null]
2020-05-25 11:00:40,801 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:40,809 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:40,809 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:40,809 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fe426a4a07f5e2c6489bcb0e77cee5ae"
2020-05-25 11:00:40,809 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fe426a4a07f5e2c6489bcb0e77cee5ae and Element was [saml2p:Response: null]
2020-05-25 11:00:40,809 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fe426a4a07f5e2c6489bcb0e77cee5ae"
2020-05-25 11:00:40,809 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fe426a4a07f5e2c6489bcb0e77cee5ae and Element was [saml2p:Response: null]
2020-05-25 11:00:40,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:40,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:40,819 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:40,820 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY4OGM3YTk4LTllNzYtMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:40,822 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY4OGM3YTk4LTllNzYtMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY4OGM3YTk4LTllNzYtMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:40,824 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_fe426a4a07f5e2c6489bcb0e77cee5ae"
    InResponseTo="id-f88c7a98-9e76-11ea-8002-81d9d263515d"
    IssueInstant="2020-05-25T11:00:40.776Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_fe426a4a07f5e2c6489bcb0e77cee5ae">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>PEvlNqDftEiPZl8cTwqIkc7sWi0AmJcly77OwyhHoI8aAkqEPc+4tdKCQBfmYrZPzjH5dVVDV2b2fVt+owRXvA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>acGOmYDvzMoe/vxQ7J6NcUXmqaDKiS2/C7cJfbdX0NvBuyVLC4kKjNBTR1WgO/kbjXfeNcfjrC11KQEiYRW2m1UOYHWs0mN2s3EQLzzjILOAb6+T91kp1qsr12phtDmd8wCKtCXMKe3yTw0BC0DgB6cuoheGShmxydctd8vDPl+f+C7IJFVKolToznzplvhoG9h5mCX1+QokfFfseozPCtYY7kuV+UmhhzFyIieIVvLYvRf0H0BlsK2fogd/iNZMUlb0J8PHaaPt7K0Qt0IR1x0EzFO05Ody2iicd0UWowwfkbiqiB+P09i0Dn2BtOQI5MlkL/ILMB+VWZgn+6jBRw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_def17ff07cd774a0db2e69fc0381b7c2"
        IssueInstant="2020-05-25T11:00:40.776Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_def17ff07cd774a0db2e69fc0381b7c2">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>EqPHt+s9jb/2ESNcqi8jPyu/JUbZ/ggq76b3W8e2TNHqTmB9r1xfRHv/oBODexy/8uMkmRHPWrk2RgYARpGBHA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>LrwgEFIqg3VnuyHgiIzdkfn1cvs62S2ckY/7dcsam8YyRz6NfUU2FEvBcUadrSejxrr0w68sAF8vuMRQrVcleEZ4KN3qchhaFA5DCiFJjKShgy0ZIwozYh+nC1w3MsXO7hfNA3AXGcKbNC8Ii2m1DucXVyoOQu1XUkojrci8KrIgh0Xsnz9faaUUxJi5iuyPQwJkvQL+KYar6cXp8aw8/xwQCYH0TPVsjh+R0iIGMKvSK54uGjOQqGYZxyHuQBrDqkiR9XOtrzEFMc2DxZYVzvnnFwEp8+qbESKUAzaAeuFaH/iluq4tJkH/h8KU4R9pOfGpGroedJLR9BjSjr7UfA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-f88c7a98-9e76-11ea-8002-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:40.782Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:40.776Z" NotOnOrAfter="2020-05-25T11:05:40.776Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_e54a2dad19dbd74c140609aaed441302">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:40,824 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:40,824 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110040Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-f88c7a98-9e76-11ea-8002-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_fe426a4a07f5e2c6489bcb0e77cee5ae|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_def17ff07cd774a0db2e69fc0381b7c2|
2020-05-25 11:00:42,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY5OWEyNTNiLTllNzYtMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:42,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:42,057 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:42,058 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-f99a253b-9e76-11ea-8003-81d9d263515d"
    IssueInstant="2020-05-25T11:00:41.918Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:42,058 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:42,058 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:42,059 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:42,059 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:42,059 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:42,059 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:42,059 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:42,059 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-f99a253b-9e76-11ea-8003-81d9d263515d', issue instant '2020-05-25T11:00:41.918Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:42,060 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:42,060 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:42,061 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:42,061 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:42,062 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:42.063Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:42.063Z
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,063 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:42,064 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,065 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@65c3ea87'
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:42,066 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@65c3ea87'
2020-05-25 11:00:42,067 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:42,067 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:42,068 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:42,070 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:42,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e46deafa1eb8fa5af4760bf906e9c22e
2020-05-25 11:00:42,070 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e46deafa1eb8fa5af4760bf906e9c22e to Response _bd19584e9c631315804d915af64653a8
2020-05-25 11:00:42,070 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e46deafa1eb8fa5af4760bf906e9c22e
2020-05-25 11:00:42,070 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:42,070 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:42,071 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:42,072 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-f99a253b-9e76-11ea-8003-81d9d263515d
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _e46deafa1eb8fa5af4760bf906e9c22e
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _e46deafa1eb8fa5af4760bf906e9c22e did not already contain Conditions, one was added
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:42.067Z, to Assertion _e46deafa1eb8fa5af4760bf906e9c22e
2020-05-25 11:00:42,072 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _e46deafa1eb8fa5af4760bf906e9c22e already contained Conditions, nothing was done
2020-05-25 11:00:42,073 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:42,073 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _e46deafa1eb8fa5af4760bf906e9c22e already contained Conditions, nothing was done
2020-05-25 11:00:42,073 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:42,073 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:42,073 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _e46deafa1eb8fa5af4760bf906e9c22e
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:42,074 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:42,075 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:42,075 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:42,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e46deafa1eb8fa5af4760bf906e9c22e"
2020-05-25 11:00:42,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e46deafa1eb8fa5af4760bf906e9c22e and Element was [saml2:Assertion: null]
2020-05-25 11:00:42,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e46deafa1eb8fa5af4760bf906e9c22e"
2020-05-25 11:00:42,075 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e46deafa1eb8fa5af4760bf906e9c22e and Element was [saml2:Assertion: null]
2020-05-25 11:00:42,077 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:42,078 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:42,078 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:42,079 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd19584e9c631315804d915af64653a8"
2020-05-25 11:00:42,079 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd19584e9c631315804d915af64653a8 and Element was [saml2p:Response: null]
2020-05-25 11:00:42,079 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_bd19584e9c631315804d915af64653a8"
2020-05-25 11:00:42,079 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _bd19584e9c631315804d915af64653a8 and Element was [saml2p:Response: null]
2020-05-25 11:00:42,080 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:42,080 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:42,080 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:42,081 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY5OWEyNTNiLTllNzYtMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:42,081 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY5OWEyNTNiLTllNzYtMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImY5OWEyNTNiLTllNzYtMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:42,082 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_bd19584e9c631315804d915af64653a8"
    InResponseTo="id-f99a253b-9e76-11ea-8003-81d9d263515d"
    IssueInstant="2020-05-25T11:00:42.067Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_bd19584e9c631315804d915af64653a8">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>L7uhcdQbg8f3Bm2VcEkx2wpKSQ+ypQM9a4XTP84xP130+D8VaA0GxuvGubgBzWhiCVfSb1jCWoq9RR033iz2HA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XEOVi0yzGhciuVIIvno4xdDQ7+g5nL61LwjfTv2wrfhbBTxmqjHbIOOenUYDCvwdEJsONHiDYDm05c94juY681JDSfWc418JZllJ5BVAZ9ND81RORcJHYAjJPb4Mqu8ioLJBxoHL0+JSK44+18vs30wVDi4IsPwEpe0Qjn8PZqQlqQEInO5wDXd2U0ZurWFK6f3yrue0GXNn3mqP6UrXkhGl04AHnF4r08MxWj9+ZeYqzAE4yAZiWmDQ3g0HLbz4t7vIB4BDa3nY+RwnWmiiEqU/K0wFFiUS8fMQ02xQ2+SzURb4L03xiFbgzsAJ0tfHDRRkxT5gxrMP/bZYh/VZMA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_e46deafa1eb8fa5af4760bf906e9c22e"
        IssueInstant="2020-05-25T11:00:42.067Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_e46deafa1eb8fa5af4760bf906e9c22e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>aMJUr3gYc5XYjSjSpbbpq3i6mNC18lYZNw4Fhsnyixax9NajmOWjHOzJYHrorzLM1NQajykjZ8qWjRdpaBSW6A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>J0p1R9OKjde+rM0wJkU3fgUZUTiXyocw8X4MajKwD/JdSgHg6RMVM5/85s20WoOaliyk4jRIIyFpGiP5etJHwnJgrBAOCMPTzk8Y/4oSjRnOQTpwSYvPMZitxNDEhF0RJk2FGnbNW3DtBa7jQYpJJahoGuL2wgCyXCwxtaKM8LhBdIWyPG885KFfxKkoI5gOgE0fi+BLI+MZaOIQbjnkxQ7qCBg18nD+MdhLVjQxEL9AAG8ipZmRs9k65rbz9FurEH2kRPu26kKyWfM9B6WuXoemu3zC0Q/05eQWxYTHQ2crWuEzE33m6Pv8CqdbGSJZcbbI/0QvqrJ1qRIgEA/n7A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-f99a253b-9e76-11ea-8003-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:42.072Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:42.067Z" NotOnOrAfter="2020-05-25T11:05:42.067Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_d064a6edb5f952afcae2925147e83962">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:42,082 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:42,082 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110042Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-f99a253b-9e76-11ea-8003-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_bd19584e9c631315804d915af64653a8|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_e46deafa1eb8fa5af4760bf906e9c22e|
2020-05-25 11:00:43,368 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZhNjI4YTk1LTllNzYtMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:43,368 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:43,368 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:43,369 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fa628a95-9e76-11ea-8004-81d9d263515d"
    IssueInstant="2020-05-25T11:00:43.231Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:43,369 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:43,369 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:43,370 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fa628a95-9e76-11ea-8004-81d9d263515d', issue instant '2020-05-25T11:00:43.231Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:43,370 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:43,371 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:43,371 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:43,372 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:43,372 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:43,373 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:43,373 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:43.373Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:43,373 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:43,374 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:43,374 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,374 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:43.374Z
2020-05-25 11:00:43,374 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,374 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,375 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:43,376 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7f51026d'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:43,377 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:43,378 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7f51026d'
2020-05-25 11:00:43,378 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:43,378 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:43,378 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:43,379 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:43,379 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4be7dd899253ec524116fdbecdaef9cc
2020-05-25 11:00:43,379 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4be7dd899253ec524116fdbecdaef9cc to Response _2f6df506fe641f5bd0ece41838e4bc2c
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4be7dd899253ec524116fdbecdaef9cc
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:43,380 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:43,381 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fa628a95-9e76-11ea-8004-81d9d263515d
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:43,381 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4be7dd899253ec524116fdbecdaef9cc
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4be7dd899253ec524116fdbecdaef9cc did not already contain Conditions, one was added
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:43.378Z, to Assertion _4be7dd899253ec524116fdbecdaef9cc
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4be7dd899253ec524116fdbecdaef9cc already contained Conditions, nothing was done
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4be7dd899253ec524116fdbecdaef9cc already contained Conditions, nothing was done
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:43,382 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4be7dd899253ec524116fdbecdaef9cc
2020-05-25 11:00:43,383 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,383 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,383 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:43,383 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:43,383 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:43,384 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:43,384 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:43,384 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:43,384 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:43,384 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:43,384 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:43,385 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4be7dd899253ec524116fdbecdaef9cc"
2020-05-25 11:00:43,385 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4be7dd899253ec524116fdbecdaef9cc and Element was [saml2:Assertion: null]
2020-05-25 11:00:43,385 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4be7dd899253ec524116fdbecdaef9cc"
2020-05-25 11:00:43,385 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4be7dd899253ec524116fdbecdaef9cc and Element was [saml2:Assertion: null]
2020-05-25 11:00:43,386 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:43,387 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:43,387 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:43,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f6df506fe641f5bd0ece41838e4bc2c"
2020-05-25 11:00:43,387 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f6df506fe641f5bd0ece41838e4bc2c and Element was [saml2p:Response: null]
2020-05-25 11:00:43,388 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2f6df506fe641f5bd0ece41838e4bc2c"
2020-05-25 11:00:43,388 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2f6df506fe641f5bd0ece41838e4bc2c and Element was [saml2p:Response: null]
2020-05-25 11:00:43,389 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:43,389 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:43,389 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:43,390 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZhNjI4YTk1LTllNzYtMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:43,390 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZhNjI4YTk1LTllNzYtMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZhNjI4YTk1LTllNzYtMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:43,391 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_2f6df506fe641f5bd0ece41838e4bc2c"
    InResponseTo="id-fa628a95-9e76-11ea-8004-81d9d263515d"
    IssueInstant="2020-05-25T11:00:43.378Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_2f6df506fe641f5bd0ece41838e4bc2c">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>cUp7PuUU6Wg3Cc8t0o3EpH3rqzGvA5pHLej2PeshSM/Z/tCGMkIXtckrfPKvB+KtlrF1nXB9onwfzcGtxOpohg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>CsUOnFuZFcrihEYqoNSuos3BNVKoSM08fJYWbOKVNW1yCdVhwMpRtcCDaM/Dt2dV5/zMYtRNyv/asJ/vznZ/IugSUjiY6tg16Zk0aGBNC3wz68d4FbwaSo45XJ9yS8TSVtNPdr0gF4lS8633Td07XYZHgW/9gtK4yBeRlRq8a9BF3+ewmztZNrqDdX9qAH9wrr5kkxCBH1ehv0BRxfttgk1e4WTZb/8yl4tjMMrP5jB6Kwn4Ht5hBEXdZU4NSZJcCaPWvqHsH3RxwZXVxIDzwKpfOR+q6HEmCPgsEP+uJx6nVGHje/r+5LIm8DMbdGuTSB5rceMPeQyltYiiFSjWsg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4be7dd899253ec524116fdbecdaef9cc"
        IssueInstant="2020-05-25T11:00:43.378Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_4be7dd899253ec524116fdbecdaef9cc">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>shk1l/SrPN9082CvNlCATsMXSEWWI3YaB4QMfvlvqpfXlKlRz+s1oiephx4kDf1AmNz9KurTS/B8iO7/jsGMfg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Gll8jnJ3ejmtnUZ9LWz1po4whUjTKNytYq7bOhHd2Yh7JiNBoXRr6/U5eJr5QI7XZnm6QPfnUpUvsd/7djQhuNH7E8P3vzmDCLr6ZKRxu+1nHxCIvDBquVPjwAsdP5NlK5SV/Z0zHaGnjrrp31lbf24it5le6+k4u3S6aQECuRzPm4fcBcvKf/+F3kol6Zqcvz4smp7hZQfwGdZvZmIjveyuwmYcNSJCJXhY51es2wLB6Cw6ooQV7HBGqCtl9eIwNN0Ohk+D4Gg3sDCH9YZYnxrZpAHpXNkBKx+9aFPqwxFOo3xpbsxVPKYdSpJM5irtuaq3iNDM4x3guZtNtVbSPQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fa628a95-9e76-11ea-8004-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:43.381Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:43.378Z" NotOnOrAfter="2020-05-25T11:05:43.378Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_2a13f0e2d8261c9da9e59f5a0434675a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:43,391 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:43,391 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110043Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fa628a95-9e76-11ea-8004-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2f6df506fe641f5bd0ece41838e4bc2c|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_4be7dd899253ec524116fdbecdaef9cc|
2020-05-25 11:00:44,650 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiMjc4MWUxLTllNzYtMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:44,650 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:44,651 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:44,651 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fb2781e1-9e76-11ea-8005-81d9d263515d"
    IssueInstant="2020-05-25T11:00:44.522Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:44,652 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:44,652 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:44,652 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fb2781e1-9e76-11ea-8005-81d9d263515d', issue instant '2020-05-25T11:00:44.522Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:44,653 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:44,653 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:44,653 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:44,654 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:44,654 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:44,661 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:44,661 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:44.661Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:44,661 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:44,662 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:44,662 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,662 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:44.662Z
2020-05-25 11:00:44,662 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,662 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,663 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:44,664 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@43501860'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@43501860'
2020-05-25 11:00:44,665 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:44,666 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:44,666 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:44,667 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:44,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _0ae36627e62874111f91c131781a071e
2020-05-25 11:00:44,667 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _0ae36627e62874111f91c131781a071e to Response _c6a90a45f336c378e05ddc7fd979f999
2020-05-25 11:00:44,667 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _0ae36627e62874111f91c131781a071e
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:44,668 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:44,669 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fb2781e1-9e76-11ea-8005-81d9d263515d
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _0ae36627e62874111f91c131781a071e
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _0ae36627e62874111f91c131781a071e did not already contain Conditions, one was added
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:44.666Z, to Assertion _0ae36627e62874111f91c131781a071e
2020-05-25 11:00:44,669 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _0ae36627e62874111f91c131781a071e already contained Conditions, nothing was done
2020-05-25 11:00:44,670 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:44,670 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _0ae36627e62874111f91c131781a071e already contained Conditions, nothing was done
2020-05-25 11:00:44,670 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:44,670 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:44,670 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _0ae36627e62874111f91c131781a071e
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:44,672 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:44,673 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:44,673 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:44,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ae36627e62874111f91c131781a071e"
2020-05-25 11:00:44,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ae36627e62874111f91c131781a071e and Element was [saml2:Assertion: null]
2020-05-25 11:00:44,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_0ae36627e62874111f91c131781a071e"
2020-05-25 11:00:44,673 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _0ae36627e62874111f91c131781a071e and Element was [saml2:Assertion: null]
2020-05-25 11:00:44,675 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:44,676 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:44,676 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:44,676 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6a90a45f336c378e05ddc7fd979f999"
2020-05-25 11:00:44,676 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6a90a45f336c378e05ddc7fd979f999 and Element was [saml2p:Response: null]
2020-05-25 11:00:44,676 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6a90a45f336c378e05ddc7fd979f999"
2020-05-25 11:00:44,676 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6a90a45f336c378e05ddc7fd979f999 and Element was [saml2p:Response: null]
2020-05-25 11:00:44,678 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:44,678 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:44,678 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:44,679 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiMjc4MWUxLTllNzYtMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:44,679 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiMjc4MWUxLTllNzYtMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiMjc4MWUxLTllNzYtMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:44,680 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_c6a90a45f336c378e05ddc7fd979f999"
    InResponseTo="id-fb2781e1-9e76-11ea-8005-81d9d263515d"
    IssueInstant="2020-05-25T11:00:44.666Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_c6a90a45f336c378e05ddc7fd979f999">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>FF7DZ1KZRnOaGbOhvPWKiJh/YEVDUqNq1F71os6g4HkY2QLosKYTeadV4j8rQ9uH+U6AQpOhheCnCS9Wt9VdeA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>cyJmTh7awtuI91WxCGwtlbojgwcOxyoggPzF9uiF25g7xYzhfC6HmIJH5X9WiPHBehgLqVs7tWpl1kM1NLxE1uRx+3u0gg0x5kQQirs+lN3VYbHggvFPk5ikMUVE+otntctlfTFYEjTGl2XZvWCilBpnJRMCkh+U15SxKp3bR3nSIgQ4bJgbvw6R2uZxHiAdTKY9xsZMYvubGBwEXXRRmYe6tlLQVh1XtMLG5qBa4nhICn++Wmyn8tfHcbG1CiZNYE9oul6GOOw4marw2ay0Lup3ssZODUGcwmmKMvOIMNtMRx1448pqu1k6WPKsjk1qzuE9DkQNhwaqT5Bn9ZqQXA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_0ae36627e62874111f91c131781a071e"
        IssueInstant="2020-05-25T11:00:44.666Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_0ae36627e62874111f91c131781a071e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>rb7LBTVv315eI7orO1WPcMLLFTEumseLVbTr3MeJdFO6LjSodpllhpA6Pcu/M5MOkcXXZYXo4jb5RmecbUPMWw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Ja6vN/4QfES+vqU6EP3yWQgbukcutPju645uuhioL+nTOsJgyS0KTgVhSda151tNw0CmTYmU6xy4f1V0E2UpEOG1/meLkjF8aHef0bzRdUNCjQQBeQZmz6ZNpYyACHzWPYbpZozxVUn6ersfMWGlKx7+TzvgAUy7E4Fbql7l+KUy4dsHGomHGLInOoVGggmhOxIP4V19aCOb2xfj/3vpo4M3v0SGDw/J7TIhr4AM/0QmxdAO1TQbLHugmLm2tc3Q3lnosoKwNdYl3p599K2WhlFPdra8PjSr/Pnoobl7vfUHyYBA9X0hhImkaNB0sjh6CM0d49AcsHM2BIu+hRIB3A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fb2781e1-9e76-11ea-8005-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:44.669Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:44.666Z" NotOnOrAfter="2020-05-25T11:05:44.666Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_3a1b24444ffc71c5566f420aaed479da">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:44,680 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:44,681 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110044Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fb2781e1-9e76-11ea-8005-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c6a90a45f336c378e05ddc7fd979f999|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_0ae36627e62874111f91c131781a071e|
2020-05-25 11:00:45,872 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiZTBjNGI5LTllNzYtMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:45,872 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:45,873 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:45,873 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fbe0c4b9-9e76-11ea-8006-81d9d263515d"
    IssueInstant="2020-05-25T11:00:45.736Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:45,874 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:45,874 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:45,874 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fbe0c4b9-9e76-11ea-8006-81d9d263515d', issue instant '2020-05-25T11:00:45.736Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:45,875 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:45,876 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:45,876 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:45,876 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:45,876 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:45,876 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:45,877 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:45,877 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:45,877 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:45,877 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:45,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:45,878 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:45.878Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:45,878 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:45,879 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:45,879 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,879 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:45.879Z
2020-05-25 11:00:45,879 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,879 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,880 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:45,881 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2fe2a193'
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:45,882 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2fe2a193'
2020-05-25 11:00:45,883 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:45,884 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:45,884 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:45,885 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:45,885 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3
2020-05-25 11:00:45,885 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3 to Response _a1cee6fa80c689b8caf8099c5ccf7b99
2020-05-25 11:00:45,886 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:45,887 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:45,888 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fbe0c4b9-9e76-11ea-8006-81d9d263515d
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3 did not already contain Conditions, one was added
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:45.884Z, to Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3
2020-05-25 11:00:45,888 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3 already contained Conditions, nothing was done
2020-05-25 11:00:45,889 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:45,889 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3 already contained Conditions, nothing was done
2020-05-25 11:00:45,889 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:45,889 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:45,889 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _a00bf5f53c2ec9f4df8aa953ace34ed3
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:45,890 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:45,890 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:45,891 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:45,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a00bf5f53c2ec9f4df8aa953ace34ed3"
2020-05-25 11:00:45,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a00bf5f53c2ec9f4df8aa953ace34ed3 and Element was [saml2:Assertion: null]
2020-05-25 11:00:45,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a00bf5f53c2ec9f4df8aa953ace34ed3"
2020-05-25 11:00:45,891 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a00bf5f53c2ec9f4df8aa953ace34ed3 and Element was [saml2:Assertion: null]
2020-05-25 11:00:45,893 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:45,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:45,894 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:45,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a1cee6fa80c689b8caf8099c5ccf7b99"
2020-05-25 11:00:45,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a1cee6fa80c689b8caf8099c5ccf7b99 and Element was [saml2p:Response: null]
2020-05-25 11:00:45,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a1cee6fa80c689b8caf8099c5ccf7b99"
2020-05-25 11:00:45,894 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a1cee6fa80c689b8caf8099c5ccf7b99 and Element was [saml2p:Response: null]
2020-05-25 11:00:45,897 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:45,897 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:45,897 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:45,897 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiZTBjNGI5LTllNzYtMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:45,898 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiZTBjNGI5LTllNzYtMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZiZTBjNGI5LTllNzYtMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:45,899 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_a1cee6fa80c689b8caf8099c5ccf7b99"
    InResponseTo="id-fbe0c4b9-9e76-11ea-8006-81d9d263515d"
    IssueInstant="2020-05-25T11:00:45.884Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_a1cee6fa80c689b8caf8099c5ccf7b99">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>NQXZzZ6PrdfrHpHl+BZ9hDukxHhgbjVy4gqjN8DG7vHCeGCVCeZVbb2L/GegDgBfqNqTTYySINgu0Qf8QdJE9Q==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>aEueDiHyRm7tOOv7WUoTQJFOnTYa52olfRWdulpkOf66Vixti6C53LOszE86XWg0b08hb+q/ndb9e1CljL24YfO0MEEdYrzvL5nQGIg943e50LgPqVRPL2DQ/yfJ8jxOpskN1GIIt5GPoKxZ7hGS1ULjuzK4lQE/yHOKJZD8H4CMi+A0RPEoa222lg2zHdVJWqsHevEhQoUga2kRtPdZ59aT6B9OtI+ea8lY4NS7mqPgJ1m3ni+yRjmugaiby7R0hlgLiagcPumY5of3X3AMqnozV1qlL52ShD2DZELZgbv2+FlF0U/nFM5hJTLCle2jeGycLqtVc+Bf8f/rNrv2bQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_a00bf5f53c2ec9f4df8aa953ace34ed3"
        IssueInstant="2020-05-25T11:00:45.884Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_a00bf5f53c2ec9f4df8aa953ace34ed3">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>Llz8nZiYn5CvhRDP4JcVLD30+O+gK+hZhEvfr/YlCOMARjfMTKIKSGlhmJIe7t7hoKJhL6e6v1cg/6yjpueO3Q==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>QEcG7D8uXR3TpUww/H1Te63/PBEyhSEttI+qOFMx7nqQD8n16yrVfkDiPq+nZSIzA5Nu0sKDm8fXzeBsUP0lpni4g4OFjUnLxg1QSCsi5rxwbO1zdxfsMlgSnBXgs4zGkfMq9KAanl3gJUKjqAZqtQ0cY75l29M3zsQakAoVfDzt65NqbKwloSuoCcBNwWpFrrISMqgFafwkuHcVMrMlmpgiu+A868i4tt797krpI0lLvMeBnJ1icHwbb+LygN0LZYzePXVUENfGFS1z7pXqSbs+tUO8j5nRwWlSJU+yEP3n9w714iOyhtSmLwViagKcdHopzaOXAlZeZ012v4ByOg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fbe0c4b9-9e76-11ea-8006-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:45.888Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:45.884Z" NotOnOrAfter="2020-05-25T11:05:45.884Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_e9d38d6c0d7cdf735ed32507b1774efd">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:45,899 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:45,899 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110045Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fbe0c4b9-9e76-11ea-8006-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a1cee6fa80c689b8caf8099c5ccf7b99|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_a00bf5f53c2ec9f4df8aa953ace34ed3|
2020-05-25 11:00:47,144 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZjOWVlNGU2LTllNzYtMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:47,144 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:47,144 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:47,144 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fc9ee4e6-9e76-11ea-8007-81d9d263515d"
    IssueInstant="2020-05-25T11:00:46.982Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:47,145 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:47,145 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:47,146 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fc9ee4e6-9e76-11ea-8007-81d9d263515d', issue instant '2020-05-25T11:00:46.982Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:47,146 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:47,147 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:47,147 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:47,148 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:47,148 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:47,148 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:47,148 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:47,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:47,149 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:47.149Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:47,149 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:47,150 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:47,150 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,150 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:47.150Z
2020-05-25 11:00:47,150 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,150 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,151 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:47,152 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e1f3d35'
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:47,153 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e1f3d35'
2020-05-25 11:00:47,154 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:47,154 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:47,155 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:47,157 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:47,157 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _c4297b9f7156f2dfab93825176c395b8
2020-05-25 11:00:47,157 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _c4297b9f7156f2dfab93825176c395b8 to Response _22c469156b4e579b1d77a5a519ea0e0a
2020-05-25 11:00:47,157 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _c4297b9f7156f2dfab93825176c395b8
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:47,158 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:47,160 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fc9ee4e6-9e76-11ea-8007-81d9d263515d
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _c4297b9f7156f2dfab93825176c395b8
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _c4297b9f7156f2dfab93825176c395b8 did not already contain Conditions, one was added
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:47.154Z, to Assertion _c4297b9f7156f2dfab93825176c395b8
2020-05-25 11:00:47,160 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _c4297b9f7156f2dfab93825176c395b8 already contained Conditions, nothing was done
2020-05-25 11:00:47,161 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:47,161 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _c4297b9f7156f2dfab93825176c395b8 already contained Conditions, nothing was done
2020-05-25 11:00:47,161 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:47,161 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:47,161 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _c4297b9f7156f2dfab93825176c395b8
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:47,162 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:47,163 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:47,163 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:47,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4297b9f7156f2dfab93825176c395b8"
2020-05-25 11:00:47,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4297b9f7156f2dfab93825176c395b8 and Element was [saml2:Assertion: null]
2020-05-25 11:00:47,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4297b9f7156f2dfab93825176c395b8"
2020-05-25 11:00:47,163 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4297b9f7156f2dfab93825176c395b8 and Element was [saml2:Assertion: null]
2020-05-25 11:00:47,165 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:47,166 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:47,166 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:47,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_22c469156b4e579b1d77a5a519ea0e0a"
2020-05-25 11:00:47,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _22c469156b4e579b1d77a5a519ea0e0a and Element was [saml2p:Response: null]
2020-05-25 11:00:47,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_22c469156b4e579b1d77a5a519ea0e0a"
2020-05-25 11:00:47,167 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _22c469156b4e579b1d77a5a519ea0e0a and Element was [saml2p:Response: null]
2020-05-25 11:00:47,168 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:47,168 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:47,168 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:47,169 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZjOWVlNGU2LTllNzYtMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:47,169 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZjOWVlNGU2LTllNzYtMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZjOWVlNGU2LTllNzYtMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:47,170 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_22c469156b4e579b1d77a5a519ea0e0a"
    InResponseTo="id-fc9ee4e6-9e76-11ea-8007-81d9d263515d"
    IssueInstant="2020-05-25T11:00:47.154Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_22c469156b4e579b1d77a5a519ea0e0a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>GR3JlMWnJ78LSjx6lY7a5eYHTwN3q8WqsYGL+qIDrEiQllrj2+AFfjiPQ2sWsuawLQhLzr/tg6lfyykP7wEutw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>rwT46dPxlTgl7QYsizfVsioXaitXWNW5nohq3SLSfKumm8VBAtUL26UPvmmLshQyHWblC1bdhJD9gNX78w4m5/6SrzNhRd8rdwfAH6cUZnquK4lPdPATZ9yH3yWCjAG9AqNydMAuym5t9b5qI6fLY/Yy6uShueT0m7+f5FoptnwL580/KRzLMsVb+6PYt5u7duH5CYBFXc+EwI4oOnp0pHScVi/l1kHthBY+IRTqUFMKmlyOVWtRSQdcdnGR/C2NSbNbuA2sEbtSSTieHFdAyTkwdqkw83kxCwjboQw0dxJHbksZFaDrwVoJpbUXZEVybFT8QcBQLfzXAcD+f/qM+Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_c4297b9f7156f2dfab93825176c395b8"
        IssueInstant="2020-05-25T11:00:47.154Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_c4297b9f7156f2dfab93825176c395b8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>UMJ6qBbpRKdeQYpHzdGCdyP596dyN1pbwpKibCX01IgZWgSbcVy+/CBv0IxjlLyoodXrtGGIj9Tca+K9GeXvPw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>nxyyiWojvMzR0l/jsFJUX+/5vsddFj5zWyHOCqZUs/Zx+1UGKolcxRlkG4NX0jm7EJ3Z7zE7ikT29qRby91/e+ZDkOTMU8WN4fepSISTjCnIAHkFh8hZU7w3vFJblO7GXEWASLMups/OdNqQRfIuDs0oYInAYBNUMV3Wu9GO4p/8OqGOVqRiHd5T+M9ImNpfU6nSY5JFnTzL+uA8SQuzjxQa7Wl200Cr+iwywMMhfmyMaCYmtraxR1VlEoYY6yBAxecq+aqFNqBzTbhcNGa2Rs2QdyvXMvUOpJPyDCEsxZ95F/3XcklyJoASMJ7qtbMl+qDN42NwNrEYpje5TcEXhQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fc9ee4e6-9e76-11ea-8007-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:47.160Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:47.154Z" NotOnOrAfter="2020-05-25T11:05:47.154Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_7ca63c60504462640936629063ea2f1d">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:47,170 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:47,170 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110047Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fc9ee4e6-9e76-11ea-8007-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_22c469156b4e579b1d77a5a519ea0e0a|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_c4297b9f7156f2dfab93825176c395b8|
2020-05-25 11:00:48,302 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZkNTMzZGRkLTllNzYtMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:48,302 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:48,302 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:48,303 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fd533ddd-9e76-11ea-8008-81d9d263515d"
    IssueInstant="2020-05-25T11:00:48.164Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:48,303 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:48,303 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:48,304 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:48,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:48,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:48,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:48,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:48,304 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fd533ddd-9e76-11ea-8008-81d9d263515d', issue instant '2020-05-25T11:00:48.164Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:48,305 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:48,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:48,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:48,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:48,305 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:48,305 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:48,306 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:48,306 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:48,307 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:48.308Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:48.308Z
2020-05-25 11:00:48,308 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:48,309 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:48,310 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@362830d3'
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:48,311 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@362830d3'
2020-05-25 11:00:48,312 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:48,312 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:48,313 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:48,314 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:48,314 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f82c56c91c36787f7f10125871fb8c4b
2020-05-25 11:00:48,314 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f82c56c91c36787f7f10125871fb8c4b to Response _35f7a43b4b6ce12efad5589ebdd27dbb
2020-05-25 11:00:48,314 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f82c56c91c36787f7f10125871fb8c4b
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:48,315 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:48,316 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fd533ddd-9e76-11ea-8008-81d9d263515d
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:48,316 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f82c56c91c36787f7f10125871fb8c4b
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f82c56c91c36787f7f10125871fb8c4b did not already contain Conditions, one was added
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:48.312Z, to Assertion _f82c56c91c36787f7f10125871fb8c4b
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f82c56c91c36787f7f10125871fb8c4b already contained Conditions, nothing was done
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f82c56c91c36787f7f10125871fb8c4b already contained Conditions, nothing was done
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:48,317 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f82c56c91c36787f7f10125871fb8c4b
2020-05-25 11:00:48,318 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,318 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,318 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:48,318 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:48,318 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:48,319 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:48,319 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:48,319 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:48,319 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:48,319 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:48,319 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f82c56c91c36787f7f10125871fb8c4b"
2020-05-25 11:00:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f82c56c91c36787f7f10125871fb8c4b and Element was [saml2:Assertion: null]
2020-05-25 11:00:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f82c56c91c36787f7f10125871fb8c4b"
2020-05-25 11:00:48,320 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f82c56c91c36787f7f10125871fb8c4b and Element was [saml2:Assertion: null]
2020-05-25 11:00:48,322 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:48,323 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:48,323 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:48,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35f7a43b4b6ce12efad5589ebdd27dbb"
2020-05-25 11:00:48,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35f7a43b4b6ce12efad5589ebdd27dbb and Element was [saml2p:Response: null]
2020-05-25 11:00:48,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_35f7a43b4b6ce12efad5589ebdd27dbb"
2020-05-25 11:00:48,323 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _35f7a43b4b6ce12efad5589ebdd27dbb and Element was [saml2p:Response: null]
2020-05-25 11:00:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:48,325 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:48,326 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZkNTMzZGRkLTllNzYtMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:48,326 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZkNTMzZGRkLTllNzYtMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZkNTMzZGRkLTllNzYtMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:48,327 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_35f7a43b4b6ce12efad5589ebdd27dbb"
    InResponseTo="id-fd533ddd-9e76-11ea-8008-81d9d263515d"
    IssueInstant="2020-05-25T11:00:48.312Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_35f7a43b4b6ce12efad5589ebdd27dbb">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>klpn+Hbi25uRnOQH7mzj5TZ3YXIIdC/H2fdg3+25WAb4BsHhZRgQ9V9fCU/tgr2xPtbGBKLaoUrQns9k8Zdwlw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>kzHoFkSsGJXhh30rEIrelWOs/cZ2onesuUQ3ySgeHfiXccRly1v9MFgkpcQRby3t5hXkoJgHapC7vbhY2Y1B9V0puENOv+xFJr8ssGRKHggUmZpERcAdPekLOZXAKd2oCMFPYLy+kURIfti+JpA3FCP89So3ltBG2jDLWGC7+Ik5qofJTZsqo/ZbjU7fKUhsw6Yt9uSKVI/iw7BYfczrEcHwN46HyCj4Ahm9rsGtuFIqWQFHGLlUZqYoe8tJInNF8ANGihHPnNo2yNT+a1Iq710v1aiCo67nw17w+zZ4KU3zJoAOLQCkphRPkcl4nPd2ep5Cd17L8FaZScYok1Cmcg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f82c56c91c36787f7f10125871fb8c4b"
        IssueInstant="2020-05-25T11:00:48.312Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_f82c56c91c36787f7f10125871fb8c4b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>O5byhhRRq6jHc5a71Qn1zEqWOLY80inwZ0SlJo9eRRlTqko18W7xELY5OGvqdcGO4Fd7wISzhCE1bDNoR1WRBA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>acmIJAhX6fuHi8xnaf2MgfbOqu6zqeFq3pTls5aeoeNf9DEiO0JU/FDJWl8echAsg7WR8RqqOfuhgNBMzHNr6L1aaIgQU5Yk34OODgAJnkggvWVYp5wEPMzEuAGTld2/b2yt5lXC4Hz6uxJjWjLRcUa7pl/bA8Iw1nsbG2SfOb6mtX8c6OCXcrXx1BWyHHBdn8JvsQmpLG5tH2b6XWrwWO+4/cWWJa0xQxz58Gj4Hb2tz5cNW65OW4DjC2yYBQK0G17O5FykM6T3CxPV7fYT5UdkdsMnhAahGXevc9dtu7ksvht0QxxoPMCVgVsjH9BpydqCoAJhEkpx+WFLpXcp2Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fd533ddd-9e76-11ea-8008-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:48.316Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:48.312Z" NotOnOrAfter="2020-05-25T11:05:48.312Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_e307cd9074f4cdd596cfdb9f568a8f1a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:48,327 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:48,328 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110048Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fd533ddd-9e76-11ea-8008-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_35f7a43b4b6ce12efad5589ebdd27dbb|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_f82c56c91c36787f7f10125871fb8c4b|
2020-05-25 11:00:49,726 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZlMjdhN2U5LTllNzYtMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:49,726 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:00:49,726 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:00:49,726 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-fe27a7e9-9e76-11ea-8009-81d9d263515d"
    IssueInstant="2020-05-25T11:00:49.556Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:00:49,727 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:00:49,727 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:49,728 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-fe27a7e9-9e76-11ea-8009-81d9d263515d', issue instant '2020-05-25T11:00:49.556Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:00:49,728 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:00:49,729 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:00:49,729 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:00:49,730 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:00:49,730 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:49,730 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:00:49,730 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:00:49,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:00:49,731 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:00:49.731Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:00:49,731 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:00:49,732 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:00:49,732 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,732 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:00:49.732Z
2020-05-25 11:00:49,732 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,732 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,733 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:00:49,734 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@78c1d3b8'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@78c1d3b8'
2020-05-25 11:00:49,735 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:00:49,736 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:00:49,737 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:00:49,738 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:00:49,738 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _07a192ab236c041c36445c19cb039641
2020-05-25 11:00:49,738 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _07a192ab236c041c36445c19cb039641 to Response _f39040bc4b729d9450d53446e5e9a854
2020-05-25 11:00:49,738 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _07a192ab236c041c36445c19cb039641
2020-05-25 11:00:49,739 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:00:49,740 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:00:49,741 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-fe27a7e9-9e76-11ea-8009-81d9d263515d
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _07a192ab236c041c36445c19cb039641
2020-05-25 11:00:49,741 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _07a192ab236c041c36445c19cb039641 did not already contain Conditions, one was added
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:05:49.736Z, to Assertion _07a192ab236c041c36445c19cb039641
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _07a192ab236c041c36445c19cb039641 already contained Conditions, nothing was done
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _07a192ab236c041c36445c19cb039641 already contained Conditions, nothing was done
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:00:49,742 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _07a192ab236c041c36445c19cb039641
2020-05-25 11:00:49,743 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,743 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,743 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:00:49,744 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:00:49,744 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:00:49,744 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:00:49,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_07a192ab236c041c36445c19cb039641"
2020-05-25 11:00:49,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _07a192ab236c041c36445c19cb039641 and Element was [saml2:Assertion: null]
2020-05-25 11:00:49,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_07a192ab236c041c36445c19cb039641"
2020-05-25 11:00:49,745 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _07a192ab236c041c36445c19cb039641 and Element was [saml2:Assertion: null]
2020-05-25 11:00:49,747 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:00:49,749 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:49,749 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:00:49,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f39040bc4b729d9450d53446e5e9a854"
2020-05-25 11:00:49,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f39040bc4b729d9450d53446e5e9a854 and Element was [saml2p:Response: null]
2020-05-25 11:00:49,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f39040bc4b729d9450d53446e5e9a854"
2020-05-25 11:00:49,749 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f39040bc4b729d9450d53446e5e9a854 and Element was [saml2p:Response: null]
2020-05-25 11:00:49,751 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:00:49,752 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:00:49,752 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:00:49,752 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZlMjdhN2U5LTllNzYtMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:00:49,753 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZlMjdhN2U5LTllNzYtMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogImZlMjdhN2U5LTllNzYtMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:00:49,754 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_f39040bc4b729d9450d53446e5e9a854"
    InResponseTo="id-fe27a7e9-9e76-11ea-8009-81d9d263515d"
    IssueInstant="2020-05-25T11:00:49.736Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_f39040bc4b729d9450d53446e5e9a854">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>9o7SDmD2e7o6cP8ZzmhnT7JMFBiZvOtuiO2lzp3AcffXVxncEiyoqLLtNUWe90tEOI0NXAMJkDM1QMzWGBpLag==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>bt3NyFXUvQ4qdhlLCqHGYPrgVczuUbHzEQ6M8OPp3KBbpP9189qdpII+je6dW5l/XalERyGHY8fmr0xgRycqZtWT16Vh4r/bzglhH9xkQ2azvnIgt6geazVQtiF6oMR9jcwPPz28zJy+UQinoy9LT8PRcNDIPyq6FArzcR9i6o4XXt/SLXNt6embqGrL9tjIUlCK4i2oNQeTvJshaU2AjPDHL0pFlC1Pi4cOgLJa/8JKDKTr2HEs0dLWY3+Voo2T8L5jiTylBTG86WZ/+4CNtRs6FGhlptbjFuspgZZLY/jzlQk9yfXA5KAO2KdufCVJMhu4f7nH8vjCikJ5xdL0gg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_07a192ab236c041c36445c19cb039641"
        IssueInstant="2020-05-25T11:00:49.736Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_07a192ab236c041c36445c19cb039641">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>iycyzdirjCSc6FlEd2OrLkO3gbfBJgYYSdGb+VpresQgpflMzoMZdtGkozi9SSIj6FLo9weoqTYe38T2AbuSow==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>GRcg7lRjT+EEn+cxTStV6Wd4r4xQTyexDWXmvXOVw8wLMkPXJ5NBe93k1WpeNvzawlRUaQ+4xE6FKj3RgedWeqQQC9oCLUMjVYyG85/aYi8aMw2Lt64sHbiyVUb++aXe4nL9LS4pHJ5JSxu98rQ8MtqMxGd2nc5moeoIuxHwK/xeqkAjA90YwT5NbYQEBkbM7w3EFpSswnCPpBS9kPTEA8JlU6mkvi/Uu6ON+XL3pXhCcRJVK5a+F6mYPNBjUxdsGJPm1uIhrE+3unSNZZT6P29QDZhaFEUO9Jr57IobJ6/rKUQsG1MMptGcFJLojtKT+G20Kp1njFjR7RLWBJedSg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-fe27a7e9-9e76-11ea-8009-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:05:49.741Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:00:49.736Z" NotOnOrAfter="2020-05-25T11:05:49.736Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_5f081d93d750984b117aa0ac1d9e422d">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:00:49,754 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:00:49,754 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110049Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-fe27a7e9-9e76-11ea-8009-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f39040bc4b729d9450d53446e5e9a854|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_07a192ab236c041c36445c19cb039641|
2020-05-25 11:01:08,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-105585-7HGfZv6G6pLjEQbMc4ER-IcwKYUqfdUl
2020-05-25 11:01:08,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-05-25 11:01:08,816 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-05-25 11:01:08,816 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
    IsPassive="false" IssueInstant="2020-05-25T11:01:07.795Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qYsxEN33Utvr80drnFlTomeANTGGO0Ccl/7BBVyyd5E=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
rRh21ASzROsPvE1cjZmxqCdNsdl+TPzJxUefCUnHxhkuHafdXuQ1tSivdCeT8TdrueRz0UtI8EbS
Kni7iHKsWN7DVzi/EcgU1m+bojaUIGdgJGd62MwBbOMZ/ZnE4vl6U2Q174S4GcQqYpC+gYlUzz3w
sjIuvCFhI6lDrmMUM71AzJIAghPg6CKV+lEPhvFMpDT2qmV21wGnGkMucgHCVqpheM3KgfsynIfo
iGI1RNZIoEmcgXAgpUJUEIkHQome7tnQk4pvocxtLUojwcIvmx6wODY5dgrsXfqHQRiEe5c5WkBk
V0Km4ReYCO5WTzh5S4565u21Im4c35JadxfTOQ==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-05-25 11:01:08,821 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' from origin source
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-05-25 11:01:08,822 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-05-25 11:01:08,822 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:08,822 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f', issue instant '2020-05-25T11:01:07.795Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:08,823 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-05-25 11:01:08,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-05-25 11:01:08,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-05-25 11:01:08,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-05-25 11:01:08,823 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f and Element was [saml2p:AuthnRequest: null]
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f and Element was [saml2p:AuthnRequest: null]
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
2020-05-25 11:01:08,824 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:08,824 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:08,824 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,824 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:08,825 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:08,825 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:08,825 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:08,825 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:08,826 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:08,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:08,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:08,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:08,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:08,826 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:08,826 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-05-25 11:01:08,826 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:08,826 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:08,826 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-05-25 11:01:08,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:08,831 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:08.831Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:08,831 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:08,831 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:08,831 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-05-25 11:01:08,832 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-05-25 11:01:08,923 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjA5NTliM2IzLTllNzctMTFlYS04MDAxLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:08,923 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:08,923 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:08,923 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-0959b3b3-9e77-11ea-8001-81d9d263515d"
    IssueInstant="2020-05-25T11:01:08.339Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:08,924 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://127.0.0.1:8193/saml/sp' from origin source
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:08,924 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:08,924 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:08,925 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:08,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:08,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:08,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:08,925 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0959b3b3-9e77-11ea-8001-81d9d263515d', issue instant '2020-05-25T11:01:08.339Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:08,926 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:08,926 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:08,927 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:08,927 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:08,928 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:08.929Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:01:08.929Z
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,929 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:08,930 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,931 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:08,931 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:08,931 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:08,931 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:08,931 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:08,932 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@755821e8'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@755821e8'
2020-05-25 11:01:08,933 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:08,934 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:08,935 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:08,936 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:08,936 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _28546e6ad56346dc0b84f41333254ad8
2020-05-25 11:01:08,936 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _28546e6ad56346dc0b84f41333254ad8 to Response _05e01795c671808fee6c592ed3fbc960
2020-05-25 11:01:08,936 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _28546e6ad56346dc0b84f41333254ad8
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:08,937 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:08,938 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-0959b3b3-9e77-11ea-8001-81d9d263515d
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:08,938 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _28546e6ad56346dc0b84f41333254ad8
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _28546e6ad56346dc0b84f41333254ad8 did not already contain Conditions, one was added
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:08.934Z, to Assertion _28546e6ad56346dc0b84f41333254ad8
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _28546e6ad56346dc0b84f41333254ad8 already contained Conditions, nothing was done
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _28546e6ad56346dc0b84f41333254ad8 already contained Conditions, nothing was done
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:08,939 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _28546e6ad56346dc0b84f41333254ad8
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:08,941 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:08,942 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:08,942 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:08,943 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_28546e6ad56346dc0b84f41333254ad8"
2020-05-25 11:01:08,943 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _28546e6ad56346dc0b84f41333254ad8 and Element was [saml2:Assertion: null]
2020-05-25 11:01:08,943 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_28546e6ad56346dc0b84f41333254ad8"
2020-05-25 11:01:08,943 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _28546e6ad56346dc0b84f41333254ad8 and Element was [saml2:Assertion: null]
2020-05-25 11:01:08,945 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:08,947 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:08,947 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:08,947 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05e01795c671808fee6c592ed3fbc960"
2020-05-25 11:01:08,947 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05e01795c671808fee6c592ed3fbc960 and Element was [saml2p:Response: null]
2020-05-25 11:01:08,947 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05e01795c671808fee6c592ed3fbc960"
2020-05-25 11:01:08,947 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05e01795c671808fee6c592ed3fbc960 and Element was [saml2p:Response: null]
2020-05-25 11:01:08,949 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:08,949 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:08,949 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:08,950 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjA5NTliM2IzLTllNzctMTFlYS04MDAxLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:08,951 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjA5NTliM2IzLTllNzctMTFlYS04MDAxLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjA5NTliM2IzLTllNzctMTFlYS04MDAxLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:08,952 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_05e01795c671808fee6c592ed3fbc960"
    InResponseTo="id-0959b3b3-9e77-11ea-8001-81d9d263515d"
    IssueInstant="2020-05-25T11:01:08.934Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_05e01795c671808fee6c592ed3fbc960">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>js/ljMjUAdnk8Ncw17SCfD1AVRGw4el6m00rzpUuKUS+LB5/XesIfahutGDfkDpl1c5ot9fL8eCzUNny3ErIyQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>m8lm0Ayf18d7Iu8D3BwoAsdWdvX6ffDb1xlKTLd110iR/3TdlbYz6ukxOLv2xShpRLuymyyC0SBsd+16kczE8Hy9TFwUJcw1WEIO6pW+mwAvvM21SxbPc5cXpeXqiGHWnx5OjBU9QV9ksdTAWeNhH4zQCTqxrdB6atf71hcVTwQgqUf3y6ao7dK1p/EYd2wsuhZoNqrDDYs19LWF8LJR08GZga7BI2N+xDnP9mr0VJAFWAxUWfnJHCK8rQKQov4aoNtgF2fx9b+u+rjl1qmRU6RqQRy5zBUiQiEJyljbsJT0ouazmsyAgip/5l2xXLjByRtc6urnctFJpjIJXjNUkA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_28546e6ad56346dc0b84f41333254ad8"
        IssueInstant="2020-05-25T11:01:08.934Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_28546e6ad56346dc0b84f41333254ad8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>XWWnVDn1TR/bYvK0IXyrrG9zySaMuCGlor3s/zUDLr2MgiRRU91xP+fWLQt3vOUCYARVpTi1IjOdhFhaYxtXOw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>qi7A+KjdKBbbVt2ODjXjVPa2VXyvxChyDX6te6KQ56g5KippzFSfzps1iiMHEmxQoeXsB34OPgxRo0VnXC1trwrxrKnkrGN6CiKPI04tOdBb/91+pu3zRhJuqsJt+BnjsrnROAaANAg3Ol686wU7hmG5nKer86VKgXllXOCiAemLFsGmY+pX1R++C3TevbERHgRf3zD/Hbf7JmJg8I1fgFwOzsHnffVWsIM5s8ZE5OnplIrqTAHFwcQ+OvYtwz/bGzu+4UfnMOFyUby5vwAkorCYGhII12QHQ/6O4+F7UTLkabM13+ah+iiXU06UwZf3Jy+V0igaR+OjTJVUYZxAVg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-0959b3b3-9e77-11ea-8001-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:08.938Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:08.934Z" NotOnOrAfter="2020-05-25T11:06:08.934Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_868098b40831a0f0809684d91b7560e0">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:08,952 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:08,953 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110108Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-0959b3b3-9e77-11ea-8001-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_05e01795c671808fee6c592ed3fbc960|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_28546e6ad56346dc0b84f41333254ad8|
2020-05-25 11:01:09,009 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-05-25 11:01:09,009 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:09,009 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-05-25 11:01:10,207 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBhNjEwZWRlLTllNzctMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:10,207 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:10,207 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:10,208 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-0a610ede-9e77-11ea-8002-81d9d263515d"
    IssueInstant="2020-05-25T11:01:10.065Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:10,208 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:10,208 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:10,209 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0a610ede-9e77-11ea-8002-81d9d263515d', issue instant '2020-05-25T11:01:10.065Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:10,209 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:10,210 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:10,210 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:10,211 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:10,211 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:10,211 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:10,211 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:10,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:10,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:10.212Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:10,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:10,213 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:10,213 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,213 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:01:10.213Z
2020-05-25 11:01:10,213 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,213 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,214 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:10,215 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@959b7a2'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@959b7a2'
2020-05-25 11:01:10,216 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:10,217 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:10,217 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:10,219 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:10,219 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _566911d217b0b207a290d08884c5678b
2020-05-25 11:01:10,219 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _566911d217b0b207a290d08884c5678b to Response _442bc11d39ae9a0d0ea99c6f5511d3bc
2020-05-25 11:01:10,219 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _566911d217b0b207a290d08884c5678b
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:10,220 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:10,221 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-0a610ede-9e77-11ea-8002-81d9d263515d
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _566911d217b0b207a290d08884c5678b
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _566911d217b0b207a290d08884c5678b did not already contain Conditions, one was added
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:10.217Z, to Assertion _566911d217b0b207a290d08884c5678b
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _566911d217b0b207a290d08884c5678b already contained Conditions, nothing was done
2020-05-25 11:01:10,221 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:10,222 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _566911d217b0b207a290d08884c5678b already contained Conditions, nothing was done
2020-05-25 11:01:10,222 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:10,222 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:10,222 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _566911d217b0b207a290d08884c5678b
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:10,223 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:10,224 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:10,224 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:10,224 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_566911d217b0b207a290d08884c5678b"
2020-05-25 11:01:10,224 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _566911d217b0b207a290d08884c5678b and Element was [saml2:Assertion: null]
2020-05-25 11:01:10,224 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_566911d217b0b207a290d08884c5678b"
2020-05-25 11:01:10,224 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _566911d217b0b207a290d08884c5678b and Element was [saml2:Assertion: null]
2020-05-25 11:01:10,226 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:10,227 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:10,227 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:10,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_442bc11d39ae9a0d0ea99c6f5511d3bc"
2020-05-25 11:01:10,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _442bc11d39ae9a0d0ea99c6f5511d3bc and Element was [saml2p:Response: null]
2020-05-25 11:01:10,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_442bc11d39ae9a0d0ea99c6f5511d3bc"
2020-05-25 11:01:10,228 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _442bc11d39ae9a0d0ea99c6f5511d3bc and Element was [saml2p:Response: null]
2020-05-25 11:01:10,230 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:10,230 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:10,230 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:10,230 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBhNjEwZWRlLTllNzctMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:10,231 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBhNjEwZWRlLTllNzctMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBhNjEwZWRlLTllNzctMTFlYS04MDAyLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:10,232 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_442bc11d39ae9a0d0ea99c6f5511d3bc"
    InResponseTo="id-0a610ede-9e77-11ea-8002-81d9d263515d"
    IssueInstant="2020-05-25T11:01:10.217Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_442bc11d39ae9a0d0ea99c6f5511d3bc">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>KxvcJnLnDnNDY/vWHVrb89n//r0EfRv1qO/memtLVO2temz9vIfetky6Fd4LSn5CSjZSI7ibRR/t3sc1F/28sQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jFVArQ6FgeJ9EnyIb9kqKyE3eTWDrMXaEKpQ6oN4IzEmOle4TPgz+yY3/Vlkb4CuooB9QWG4YrsGfOzkEJO3Zr1/kTLTWZiLmlrbYM/iBTRidM/FrqUJMuWoXkV4NVfsYIGu/CrDMoj/vAjl2nm5hiP/Gp3TFmnyV08vhddrwCzUI8nHJIEncrl35k7w7VecWRxAI6D9Rg4ZwMX5vOb8+YFa3TYXj3J1vGII5eGPHqks1hfXfmQZQMi4N6p9gAl0BzRqLyNxjIGuUksTVXAJkx9lRY09gOHC1g4MtJjcZRLoOmZDJTPTPFSzcVns5uARX+A5s3VAOc/1gZOB8qEf4w==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_566911d217b0b207a290d08884c5678b"
        IssueInstant="2020-05-25T11:01:10.217Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_566911d217b0b207a290d08884c5678b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>o/lNv9X/whc/hH5xkG6+3FdFOpi//gxyDSswYBYA3wXq7TH9ZX8TdrJr0vgIleUy6HzN9ZVRByDJzBV9N2wulQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>JB2tVSCp/BCtqeqvYTH2oqqvXXOvLFYWZmCfMgGeP8xa1A3C4OsSHNx8bDERaWLJ7cbGh2DnucmaLdUeVkrGeE4zJ3wxTrNZyVwqOHFmODDjCcl0yuZNa6V7eoDniQ48G2l7I+KBzOrqIHQ+mGUO41+9bAYHi3x6ejijnyqQKqt9F6ob7UdTnOwBcuuntREDvyHkJTeA+Ncs+yr4pRlNOfEjxRi4Q+i8S0GDzXVjy1IZ6JxUIj40X686gONgFsYnYpfuLr8ZhrZca21nlM1/s4N4UEq6T+t4xSiMM+kqSRMLkrPoOAhxVF/BU7FN0Q4WJkoYdoYmeGXY3w73Z4MffQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-0a610ede-9e77-11ea-8002-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:10.221Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:10.217Z" NotOnOrAfter="2020-05-25T11:06:10.217Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_881f7dbb3d9ee9dd598be9ea07036da6">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:10,232 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:10,232 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110110Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-0a610ede-9e77-11ea-8002-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_442bc11d39ae9a0d0ea99c6f5511d3bc|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_566911d217b0b207a290d08884c5678b|
2020-05-25 11:01:11,458 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiMjE3OWVjLTllNzctMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:11,458 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:11,458 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:11,458 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-0b2179ec-9e77-11ea-8003-81d9d263515d"
    IssueInstant="2020-05-25T11:01:11.326Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:11,459 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:11,459 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:11,460 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0b2179ec-9e77-11ea-8003-81d9d263515d', issue instant '2020-05-25T11:01:11.326Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:11,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:11,461 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:11,461 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:11,462 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:11,462 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:11,462 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:11,462 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:11,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:11,463 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:11.463Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:11,463 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:11,463 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:11,464 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,464 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:01:11.464Z
2020-05-25 11:01:11,464 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,464 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,465 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:11,466 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5eaf8859'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:11,467 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:11,468 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:11,468 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:11,468 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5eaf8859'
2020-05-25 11:01:11,468 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,468 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:11,469 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:11,470 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:11,470 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2c1564589535ad20402c3b34f730d7af
2020-05-25 11:01:11,470 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2c1564589535ad20402c3b34f730d7af to Response _72209ef0c6edae14b94bb8a7cb245ac3
2020-05-25 11:01:11,470 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2c1564589535ad20402c3b34f730d7af
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:11,471 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:11,472 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-0b2179ec-9e77-11ea-8003-81d9d263515d
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:11,472 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2c1564589535ad20402c3b34f730d7af
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2c1564589535ad20402c3b34f730d7af did not already contain Conditions, one was added
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:11.468Z, to Assertion _2c1564589535ad20402c3b34f730d7af
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2c1564589535ad20402c3b34f730d7af already contained Conditions, nothing was done
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2c1564589535ad20402c3b34f730d7af already contained Conditions, nothing was done
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:11,473 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2c1564589535ad20402c3b34f730d7af
2020-05-25 11:01:11,474 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,474 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,474 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:11,475 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:11,475 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:11,475 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:11,476 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c1564589535ad20402c3b34f730d7af"
2020-05-25 11:01:11,476 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c1564589535ad20402c3b34f730d7af and Element was [saml2:Assertion: null]
2020-05-25 11:01:11,476 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c1564589535ad20402c3b34f730d7af"
2020-05-25 11:01:11,476 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c1564589535ad20402c3b34f730d7af and Element was [saml2:Assertion: null]
2020-05-25 11:01:11,478 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:11,479 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:11,479 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:11,479 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_72209ef0c6edae14b94bb8a7cb245ac3"
2020-05-25 11:01:11,479 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _72209ef0c6edae14b94bb8a7cb245ac3 and Element was [saml2p:Response: null]
2020-05-25 11:01:11,479 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_72209ef0c6edae14b94bb8a7cb245ac3"
2020-05-25 11:01:11,479 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _72209ef0c6edae14b94bb8a7cb245ac3 and Element was [saml2p:Response: null]
2020-05-25 11:01:11,481 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:11,481 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:11,481 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:11,481 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiMjE3OWVjLTllNzctMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:11,482 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiMjE3OWVjLTllNzctMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiMjE3OWVjLTllNzctMTFlYS04MDAzLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:11,483 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_72209ef0c6edae14b94bb8a7cb245ac3"
    InResponseTo="id-0b2179ec-9e77-11ea-8003-81d9d263515d"
    IssueInstant="2020-05-25T11:01:11.468Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_72209ef0c6edae14b94bb8a7cb245ac3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>tD7Mt/snrSTz09Kniy56d3hBRlJbFUW3v+WYY2BGvKr02MrG+6yEEbGTeMssHmrHuLharX1jA2eCulm0Fu8XWg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DerA0HM2b5ItfyVjNXgjqgu6715SwIWa0CYrs8ia7GdQ5tkQfZJy4YCSgDbb7fzl01KEgEKaJLMK6CRwM0gHIUyOfrhjrn49tT5YDJX8XyIqiOUkAxSnE8Hi02NdYIXT/tenbQLg3Ee/n/p5iZNItOrZMnsuoaRorOOTX0dd884inR2wLtoUCpkmZyv1fRfz7DjxwyJvZtbA/4tCqBtgeLsbyW7NBLrpV+TwXvb6wyxvU93jcY6qwsiDySxqmbiJiIcvd3FsCz694FUE5gJGwImxPiUm8vKatRczyDuihtLfFAZ2eYepGyoNzl/HJuuXzAkjU1XgstPsUNSIdkJCow==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2c1564589535ad20402c3b34f730d7af"
        IssueInstant="2020-05-25T11:01:11.468Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_2c1564589535ad20402c3b34f730d7af">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>PdIq2uqg1XtKe42Mju36+/GJEmfYyKebi3ZLSFxCZTpbchftkjDp2pEsYvTDb+fpdAds20JFss9x0YeXo6Yw9A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>kxLUgLsV5jzex5OFqchrfosdsSvH9o1BhFR8qRYhC1LhtYmgI0MnCRMBfHgd/3ckgX2qrNwlUGHj+xM4COu0USFQJlVGzFjpl/P0C1dQwwzkJAlsiVctq95J5xnWXS9DLcWWwB3bhm7Mloj71IFwQ3c35syElOKC2Gzlfmxa5ykHUUNK4lzPKi+SDeSo03GO+SlJ0yUYs57j6xuyWETlV5uwkgnXwLINm/m57pWU4+oKjgpyWFo0bYV22SWvMzOBeZjwfI/+UIq+QWWIZsFSwjRjqOEM6Mrkvf7/0Of6ns9Tjw7mLAjkZqq6eOUzVSO4/WZ1PXR5SoS+/oHZJ8lnvA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-0b2179ec-9e77-11ea-8003-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:11.472Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:11.468Z" NotOnOrAfter="2020-05-25T11:06:11.468Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_3cc8b5cc06cd5d26a8347fe4fffb6e7a">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:11,483 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:11,483 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110111Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-0b2179ec-9e77-11ea-8003-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_72209ef0c6edae14b94bb8a7cb245ac3|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_2c1564589535ad20402c3b34f730d7af|
2020-05-25 11:01:11,697 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-05-25 11:01:11,697 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-05-25 11:01:11,697 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@365210030::identifier=rick, context=org.apache.velocity.VelocityContext@573afdc8]
2020-05-25 11:01:11,699 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@365210030::identifier=rick, context=org.apache.velocity.VelocityContext@573afdc8]
2020-05-25 11:01:11,700 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-05-25 11:01:11,700 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 7f9cbba68348dadcd5969837b6ef69bcb1f9ad7eb0f8e4a0f41b0bc696961bc7 for principal rick
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 7f9cbba68348dadcd5969837b6ef69bcb1f9ad7eb0f8e4a0f41b0bc696961bc7
2020-05-25 11:01:11,701 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-05-25 11:01:11,702 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-05-25 11:01:11,702 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:11,702 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@24c9b419'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:11,703 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:11,704 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:11,704 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:11,880 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-05-25 11:01:12,543 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200525T110112Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1621940472543}'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-05-25 11:01:12,543 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@24c9b419'
2020-05-25 11:01:12,544 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,544 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:12,545 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:12,545 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:12,545 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _5a73f76f1541e133d1d09750b0dc1315
2020-05-25 11:01:12,545 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _5a73f76f1541e133d1d09750b0dc1315 to Response _207a07fa380fc5f0f7ff3d80d13ed934
2020-05-25 11:01:12,545 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _5a73f76f1541e133d1d09750b0dc1315
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-05-25 11:01:12,546 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-05-25 11:01:12,547 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-05-25 11:01:12,547 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-05-25 11:01:12,547 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxpWT6inzbkaikNe8PzTBnV22kOkSzcwtU4phGeBURmI/lXYcdg8bL2xo81/dF8mEEsVdmu3onkxdwuNkEvBl7BTlrLEhBCp6gdw/NFlEATVtfIV+xHPnCboAnoXunCum8X/cOyyIiMSuIcP4/aLnJXaDtfIJFyiQ= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:12,547 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _5a73f76f1541e133d1d09750b0dc1315
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _5a73f76f1541e133d1d09750b0dc1315 did not already contain Conditions, one was added
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:12.544Z, to Assertion _5a73f76f1541e133d1d09750b0dc1315
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _5a73f76f1541e133d1d09750b0dc1315 already contained Conditions, nothing was done
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _5a73f76f1541e133d1d09750b0dc1315 already contained Conditions, nothing was done
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-05-25 11:01:12,548 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _5a73f76f1541e133d1d09750b0dc1315
2020-05-25 11:01:12,549 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 7f9cbba68348dadcd5969837b6ef69bcb1f9ad7eb0f8e4a0f41b0bc696961bc7
2020-05-25 11:01:12,549 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 7f9cbba68348dadcd5969837b6ef69bcb1f9ad7eb0f8e4a0f41b0bc696961bc7
2020-05-25 11:01:12,549 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:12,549 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQxpWT6inzbkaikNe8PzTBnV22kOkSzcwtU4phGeBURmI/lXYcdg8bL2xo81/dF8mEEsVdmu3onkxdwuNkEvBl7BTlrLEhBCp6gdw/NFlEATVtfIV+xHPnCboAnoXunCum8X/cOyyIiMSuIcP4/aLnJXaDtfIJFyiQ=
2020-05-25 11:01:12,549 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:12,549 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:12,550 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5a73f76f1541e133d1d09750b0dc1315"
2020-05-25 11:01:12,550 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5a73f76f1541e133d1d09750b0dc1315 and Element was [saml2:Assertion: null]
2020-05-25 11:01:12,550 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_5a73f76f1541e133d1d09750b0dc1315"
2020-05-25 11:01:12,550 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _5a73f76f1541e133d1d09750b0dc1315 and Element was [saml2:Assertion: null]
2020-05-25 11:01:12,552 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_207a07fa380fc5f0f7ff3d80d13ed934"
    InResponseTo="_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
    IssueInstant="2020-05-25T11:01:12.544Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_5a73f76f1541e133d1d09750b0dc1315"
        IssueInstant="2020-05-25T11:01:12.544Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_5a73f76f1541e133d1d09750b0dc1315">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>3yohQRWjV4kT0ktwix8OPckMuW9tO4DdliN6wOCFZubtiuRwmqJnifA6ls4jrTDH0MKn9S4L1D5lUuv3ON16IQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>oIGDQUoari1Vd2bCWFQmDB0I7wnP/rhCcmskcRXmBoWsN3L6DjFY619p/F3bkexZ7JnyAGSxROyWkiy64HR1FLNANwFKy7J8YVnAj0Ct2sSAM5c2nE3wf7WDxz9+pp1/Ac/5yNlCbdjYQMXSdWYcYGaO7vkrSEA3eTAznwQNnUGQZDrv+0jRZBhH4vnZDErefK1YRu7631hd229UE0Ys7fX9mZ+kaRbL+vp3AWnI6KVQhChsyXeYn/bUmfPeSWPObaLeKJmzKzLUm7snZT+eL0dx7Bfi2tLxn6Gs/v8CiXK2u+U67PwpfNyT0AbBGMgUgMEFCgKWB5uwoUogURjazg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxpWT6inzbkaikNe8PzTBnV22kOkSzcwtU4phGeBURmI/lXYcdg8bL2xo81/dF8mEEsVdmu3onkxdwuNkEvBl7BTlrLEhBCp6gdw/NFlEATVtfIV+xHPnCboAnoXunCum8X/cOyyIiMSuIcP4/aLnJXaDtfIJFyiQ=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
                    NotOnOrAfter="2020-05-25T11:06:12.547Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:12.544Z" NotOnOrAfter="2020-05-25T11:06:12.544Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:11.700Z" SessionIndex="_47f3f844e6ce934ec7521fec6e8d98f4">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:12,553 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:12,553 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:12,554 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_207a07fa380fc5f0f7ff3d80d13ed934"
2020-05-25 11:01:12,554 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _207a07fa380fc5f0f7ff3d80d13ed934 and Element was [saml2p:Response: null]
2020-05-25 11:01:12,554 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_207a07fa380fc5f0f7ff3d80d13ed934"
2020-05-25 11:01:12,554 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _207a07fa380fc5f0f7ff3d80d13ed934 and Element was [saml2p:Response: null]
2020-05-25 11:01:12,555 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:12,555 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-05-25 11:01:12,555 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:12,556 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-105585-7HGfZv6G6pLjEQbMc4ER-IcwKYUqfdUl', encoded as 'TST-105585-7HGfZv6G6pLjEQbMc4ER-IcwKYUqfdUl'
2020-05-25 11:01:12,557 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_207a07fa380fc5f0f7ff3d80d13ed934"
    InResponseTo="_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f"
    IssueInstant="2020-05-25T11:01:12.544Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_207a07fa380fc5f0f7ff3d80d13ed934">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>N3KgSC6aVimv4Ia0k3cyaPMI+RVqGmu0LwQufWErso4AuU/eD09m1QAYjTG4jdF8rV9mdmENe5DIjoSLk7tHiA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>JUMx7JEpZq0f3KS2yI2UBV3cscAYiwFauBbzuPu3t/Stg+DIMB/j1foZGOxzkqSNuAQ+oDAgIIwoxNOFV91eKfwD49JsoANxfajerUrdEw9qBlGXkYUxwxdXY90UJFW4MlDoCnmWmxvi++FkDQV5PW6yJflmS9P19/ceSMAmy2S3mqo9cPL62DA7hcIXGt8KK0ebTCWFXCAgWI+DUoaUC+UIdEkK5J/UqUG3MoubuimUZ7sUL3Fx48zdnKx+jVa37CFzCCSKVLoK/R6DXsYjMiUSPWLvLmBHjjptj4RPW7IA11dg+pJb3fH5qV38BK1P7W9rFQWrt87oRRNJsv4myg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_66b94efcc02c8deb78b45111ff69a7dc"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_bc057a228fe39c2ae283a5ffdc14e882"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>jHzVqnuUEDlfwc0c/adXbqZamZwt4TXIZwffDeZxifzh7bGneHAfKacYDHLg8IJvD+tOU4W+8DgSNPsE2eoBx7aLjx41z08cnmm20xLU/zw8c10rR9cwJkp+cBo/sgM9QVgZ6XYW7cMBtmeQYWZlY497L1YV880EF0IyF8Fyu9U+bOrcq9fHWz2+F7CN+eQZyAmgF68HbIk41DvsKCQdqU6nCVvmPDUHtSFbEsnFv4fCBfLj6u1ccAX0X62F8QLdqjV4emF/y/A0Tj6Zi6JVGstXKeliVEoidDLCwpgrGzv1Euel04lOFWKIUXSNWt21wZzgfPH/pn2q0eIohoUleg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>lebCfjM7FmutSqgtpfCyl1kNi15UiiLuT3ml0AUjLMn9/BHJGsX0QUI+lrz8uaQXx8KdxmZfXof8Zu1nZmZprd1O560yfr2++lTxWhLTEGNPlj1DTHTU4EYK3bHLIAuxEwTFIC9K9yFJY0Ey0rSR0f0dT+uNXjf55XB6gCAr5CcSaUmAGX/lYl5cztw3UIngt0g5qgXz9yVf22Qy3QdXFWnEFWLoVe/Si0+tIhjUz9AwjrbSptNO6swnBIRVxXPDNCwr7Y3Ew6pLgEfmeeoQfoBieT6Pd1u0scgJpUlSXefJvc8mvmiNpPjBUPTPCQLuXn6XScrwPS7U3Eo/caqgidgpRvSqicxfOF/4996eYJWj1yqPmyfwkWKYrpMyrO8R+mYpuJtLV6zuv18zQtT16xkLMmL/BFPSZUYWFtMc8Mw9UcYiBvIL4y9CnQG/6CaxtRdqL7YAVsGYKe6hvnOQa98DAAlEma2W/j+pFsn1SBYUKzxqWAMIH6GrpX2Jy4GDG2Ph4juvAC2JiclfX+PI0PzCu9XwzN0oWXHaaRuurOWVqJwrMToYfiGEH7OM+gGeOkp6J6U54hZjCGKcAoQtRlGV27PS0OXLAl1HapV7yYnKXxUCbS3LqegS754cKLRFR5zaK7GN1rYfPDybQFhkdP9yNI5HJ47NTOX3bpPwTntyAx4WDgyBGOk2Ea76OXLXNLMYTxubpxe8NPH/7u+Lwejcqge/nXB5JS8C51T8lddae1gPFkm0EPZOjWWN5KX8SzSbdn4TrWg6KmjoD7ssE+/7Sr9ubWIzWvkZNW+OwP6HhNFqSPTWA9EKT51qAlvIgga9S4Ftg7BBsqocm8rflrutpzwGvdk6YtSTQlGAbsoOEWiHXi12GPbXpn8tfG+LlnsRQQ7C7g2Qqvdy6Nap4epdlmnamZ4cse3pPfnrPYjHsoqLJUpoXHhuyYU+gBX3yb1EQNf/5q4ECxdcVnRcfQsuo0m4Mu8WeGRZ64VSZGABZLD538rqYxc9bQawiFOJATZ6yfqhpf5k9fRH3oTgnw2Z+Mhia0VBoKylYg0Es6jOUuuNGrmgB2q6muA8DmALdcWC5XZCq2Kmx+gfW4kpDoBXN+PXbHRFVCoRr49tkGSWCqDGPoUEfP/zVvvTpabn7jTPQIYO8l/a9clvEaEESDTnuBIqzsNupdNDHyQWi4jIB9KRjchRgjVF2HR9T+47F0OdlsPVf24ukK0nSm3ezQdwDM9LqyqbYURIIe/86l9znjxJCs/914JjoJ4d6Lxiy/U3e4HRXnZqRT2ebHNbIjs3TfYJknRMFjWGrtWiCh0KR2yd2gnPpDxy3WDCrW4zHbfgafjQBynKGjuQJo/Z8yXmcb/pKzEbZkoyNNU2rBrc5b/gIebGWgGib6JwU07DIdE//ioksw43ollHexajqYQi7EfcmvXGCyIhi6Kp1NP+pttVrFzFYobJKh8TYblb9qdJ+NrDu3wj/fMGTNMxzEkEmnqB2jANxgVoPjwKp7M1VzWp9o+73ULUFSu5wM5pnyhyYuJwKKrO1Kr53XmawC5zjE2Xk/URJDc53PYoWRsdTGucIrZSBwijW79pI0Rq2gExLLvtS1oe2UGH4et0Iq2hLZ9Qt+7o+mAkfv7Dhg3LoxNPyJ2N0A1fO82daXAr3dzZalL73gb+Wl3jCuUPR3bNWarxPnghHbMkl/hRlKSv9rj4MMSkFSulI7/rlBYJxNvy1475zspzWjXlu/x7Y5FKYt3t71BiYSTV/n278tBeKpeTQCU8VkrwK41x84zEvmgEWkFmDi/EuogZDMYxw5hBaZXkwXZ8wSWtIr/L/C1ucf8aOb93WTIIcpKTBo2TA/5SGUXY5t9OTj84r/jklGJKR1Gm2Es2STPbom8Emr/3UXAroZUhIVfO8zA3H9BBux3z9rrihki+gqjWWwH8+ze5odX2xKwYpusfbkf5w1dxaMutj4UyVf+fh9KE5iHidj0y4ORvdK1z8OCdiUALkf2RB4qmgbwKx3t+RHof5ANoL7+MhCWEpqTZzegwyaUq1/oMjawdGrfJlDMlPKSail8lQ7v3L/G1CbkkHSlpkvZM0btl4qqaJlYxhfCoIyIMJqesn3ObZzw7gi6LNXUcHjhc1TMbx/xnEhPe61brXXi/03lAbPDTkWn8n8rzxzdxieIPdmAB2g1sMkBotZgDQtGCZ1kRWvNT9lVHn5lk84lc35qcZzr6ILdehXDgEalb3qhr/sVVBeRLqDKDWGsojSvzOuS2M5pEU3byi4iYf6a3g1UJVoJ+4oagGxWYwRNaV/agOfvr60DSuiHkK9QnL16X/G0IoILNAvgPAdHhoTr5eGaIaarn6fLMbYwe2ocTYyzcf+CK05eEI0wrM/0esF1227JQ0Bf3E5UVxnQUFNJSVfsl02HZsOle6t2xlUYwqem1t8eX51gHBYbJkrgQZPzAAQ60VuE+KfMaPj8VpeA3pqeEOVrifyEV+m7o5FMyCg6E4tfnaruV/3Er1sE2K8XUQoSKRVAJqL8Z022PCSWf2t3EjZBSn6ulJor6Rr63/oyJtGkG9L7moBKiBUKcT1hKY9Cc/rib2ELJcY9y/TybwMlzYBMtuimhPkSSRT0x6kFltFU/24df26eusqC/UQZk8jddNzwx4P2Kh2moeRuR11n3JV9c3NCwAkN/oMKLB6yss1hsYvoVCYYlomvalNynZf6/D0190f9pEgLlcGmXjlh5XVhdA84KmAX2UzNqoUezOn5l+Fawv4CiRw5qQnwv73yeP8AJUDyszV+dkmKPpI37YM9Ce/NOYa++NjPakmHoTItD+4bQpApj22rLX/zHdPE9YSe1v6a+qOjE504bK7gZWhlzkiUxvvFpTDI1rOH0atsKZem8DpBEJmSnCpVYCRNiTZxi57aK3wyZqFNrhy2OLCFvadW3Fi4nqZH504d1LfzsQVCG16vax0G+X/3mBL//9ppZChUxR+rCixE/Vm+WLynHfk/5aWeBo4o6tAYTVhk/n2hlY/cIsvIdDQNrTe4JIkvCbmcpAhswsTagCgGz0KS2Ng1uCmyxUNiPWSPw0pS3PzR744x1MvrwfEVQWXcw6aEffrL9YLe8qhH3Wtbc9eRHoafZ6IKR8cRnOJYc111/fMP+BegGY9Tlx6Ti7KF1rXSgy5ZRwr8C+65hg3G6K7Blzw017L1bCiYCKnTg6KoOelPXOp0Jeam7nkj7UOEXCBrnpEu7oaJ+KuxIDmT/cwBdPMtUTTKWHAHov9CFiy50Tk3XcbabK4CefocD07Cij53JtDTaTE9huy4pHbqEqlFL2VHLYwWCvlzXbsmYPZroias1L7E2QIdoG7hzwgOi2uzDUwvluFz/8DEpcJKtL1q+VHlHV1PrYX+TjcZJCB3UDUpPJusYKN1f2fsdCT1yC4kwwJr0xsJsbGDdY6Ys3UIyrbcUQUIE4379GCYGumR2K9zj5AKJHeheQwCcCEoMoP0Yhpdy2Lk2au5GqgPP3ljtyIZFlGTPTlptFJx2ARfBRRuL3rqlToLmvFKaez7ftpApYccb2F8O7YgHAsV514ySnn5dXfXVSiUmdhhM9H8RGqt24zzdvk7omNxgE1qWA9bGrq1yOrmtPqjgDZ7WKP5Mc/s9u5EQt4Yz7B0VLOzxYfU+ROXqkeHML/SD8eyHfI/p984gXAIcKeEwi4r3Qvt2o+BfdKF+l9tHpEe/Qb+fjsPyRj46XlzFyik5YPhUgeAvCuoFe662g1iaLHwUp8GnWdYHXjwQ5sRAxZHMX0KlBa+NEkJdlSHcGM+JtId8iAH4zLuP0kUlDtWaCaBe4nMXNZQXvrIyDmGOE+Jp45h97oBUZBI0tGVMhhSTxMeBNUrVzt5aLiwh/snzUPuO3Sz352gS7xciL9UulcSEmdViLhulEOnveWv2c3IiIiE/IsMXjlYBkY8+/zufURBJMWxrZL7XOoOeiRE1nQnBW0WfGddcpb5vZm2t0hC+rC2DFMh78NlD6pDxWEOJNRJQ+UHBus2NzvacZ2JdZHu2bjY7J6aGUZPaVan7gsFoEnCk8xQz/Zo1Z5Q2lsMk/95iLer3gUFMc9qiPGDfPBjGrhA+KS7O7wBTWfE9gvRw224g9+qBvHv2trosXTGmPriDLZD+j1xls1iuvpTHdlrHyTS8A8sJYU0sSCt2ZRokVlUu4zHo1ZRW8ScJXXkCrtC4pLWiaBWhl3SlcQHj6wCmQvx3L9M+B88ENuDxNKiSSk+CPwaRtiThh93+eyV6sYVxl4OpAUbyImEWZzjDjra5/437qKuyjP9GRfjZA+AEhXLhzJKxkwcKCV2/cKQXZ6vd6wHfNfsHV1vR3KbOH6li0zHrjpPv8ktGIis5bIJgPQLCa5OZTSZaND3AWCCkAUgDNAxPVUaORS9yVDa5e4zeuDNSW0Y2EjyOGqUM+fSiu/0no9Naqh9JV1hP//rV8f+ifvTJEv7HqRdqwLgTvtef4c3+LoZTKIViqbuYDd+j4TKUqIs9st4zZPVhWavGk3VBk9hX2nMEz0124/gYT5wjWOaSxj/1vEv2RolruAFeGeViHxxUgkW8yGIWk1167CmqIfcGw+THcMekGgPodGYnpJnC1KXdCs8MlXbqRXmUqwvN2rNw6he6rFYDDtuH99RiteKCaROO5BCZYo6ndS2nq90lX1B3FZO73xYNiVlv9POLq/MDbgWD0b+kNi0n0tM3Laz6CT/xk3xHgpPTg0Vu305OUTetCYSgiP6CJOMYCxy011ENa4nVlZiOXG6zoiOdJDwRR6zoaGGnaKg7PHhLZulMzKi8lpBVrQwt3DW1hAPzGWdrpzI6nbiYNIZOmiLVV3OHZb4dFoD39P1iuIbg+z/rloji0JpPiYQMidrr0/YvsQPByyYAE7SFxnk+0WKmJEHTr5Cc8FSUABgkG9+zm5nI8GcWLdCpq6QOoZbc+jYXN6FOX8BqryHU/ePIXMkgvk7f/LWYp7f+BwsxqakXA9ipbsrZO7ItJzIk47Y1zdkPQrOUX5lTHDBheMr2Sy8AAnFtu993RgUVb5bDiQE2tYXE45qYEr1+6ZkK02hHtV+AefetO+PUzN7uVMafiBElJNmJ8hXCrKUmcc9pTD2IKDLH3/FKZgfnN1SH3jY4V9X8ll0OImbAK/IelKAuauvA3U3r4ipWhX/rq1D2csr7JO4E2k1TPiqnsvTx5tVO84HyWhmtAyWsK1+54eEtxW0CM8jGR0Ij+rkkzQl+DgyNKvJ1YHtFud7u/yL0HeuKSd7UNYFC/VStTxjRUhzjM4IAMBYkWjuU97eJlJr5Y8NyOivjzvEEo4GnW2j3pjaOlXbRFOEs40qhoMJALf4T0NrJ2VmAXdWwzWXZ/0cyzcocz2/zGhNOQbUT7YYY4m3dQdYen8uHkRyKLvKqRWGtMnrC21Udn/+ewmGw5GRGvUqQ9s9izXBamMX9PWl/hEDl3RoyeVX88mxjveYD9o7QOD6kkNrjsvqTi/qAJsudquADdp9t9rafvCEdRekw9kaLoN+cHIXZPtXKzeMAeR540NvpHQjwPzsZls9iCqA8amfiSil0T+La79eJvwNW+X1vt2GMYb1c0pOfjLXtMFqAcKPcB3IBDQZesVJLoRTyXtZJ3WQXl0SWq95oHGbvxBS+F+8icUxlTITpZ72QbaHrlrW86p3i2PtQKpK4Y8dB7yvfCO/jN1Y5Lj37BonFiuhd2OfAmo9GJkHGBrvn88/VcfvwykRUaOD8mADsWZvZcAZ3vMz5Xtn918cVH3t0dUjTfKT8cIEOXtx8zpzzql7DJrQe/KjsZaAZUPTFu0bcibOi5v/qEgKhATrbitpTu2JpqBCtVYVtOciKEa3O5VNqdO313vNLdgjb0imVTav6GQmZqljFpUf6yl770oZU4pX5t/8c4iKzKTQxjlQV2D8lGQ5+WA8HMhd6NgbQsP3UYArgtlPCuK/AxEXeQZCgdQ73UapTJFVsrCxECr7YtMj57uUuHbfz5f5CDh4Gx4lbjqCDAeCNJb/38oDc+zjbP9kEHOL42bnQcMvbGlLO1nP8bSfl4PDykV85jOO+yG8qUZOKfwHNkE8wryopbwMO448fkFVzbqWrCTaVfN4NaCbMdvC3ZMHBqnCybaftlZoCHg6KoLxmlNy4S93ntZECu8vx7lUxKBPZs2crkfTs0LT6nKjXnmskQHs6mwCcHVtHVtGz142e7dS1fbT05kBJmrOzlPXBfN+hosfHm4UqaqqX/oTngqIUM/fo1bLsPjX+62vX0Gly0r5QMMZVvCAQ1y0wKh44HUIKV9QoJ81l/ZmgTT1yhsLFTIBajI7wUtS4I2637L+lcD09kMlB5Jk9OaWtGUUYH+sUsvOvzGZGefPFoh/rIccOHjPDlCt3thdmHga9C3Ucghc6qEVhm6OahS/eiMzd7sKp+X+hNqAA4EDgZUar4o3iZR8nxGac4xGR8bVVQjOyXxVDDljRQ0YHx6ktbfZ30m737XkaX/SxdpGkaefjmaXKnuPlJtRmcendRRTyAA8x01RUe0dwM/ANcM/8mbsZ+W3ZRH77EvI8cXvToeYbkN45eIzYrO8iogb70i4zKA6lEQtXVxiU3fmUFDGbcRBFUdst0vyxfpZH8LpPMqItpeupaGqKyzJd/8IHDyv5krvPOM1rUbjpSI3mr7N937oiMMjsAI8uljx6Y1nDSvJP1Pz/cURbl8jiQGyAOiirXjNs7qOHoc2T3iG8G6EEF3e9hNhl3jYntezVexmYCMrsniCdKcKy5NUcEwmiVv1uujzl5nuJ1LaRMP0p//D9vwiZdpweb0OqAlLO3+y6CiHMLK9mciHzGBuswf+n+rE2DXCvFAyHBu1JOtnEwrH+rN6z4F+HPYKgHFFw+NWZSbYoDjQSN3EUHQ4jLLbizdkOPeZdl3AFj8Ptlw6QODfXe0UJ19VxWhL/WoFXbYDw/yapzgGWy5lUF0Ml/Ez7NITHoSCM94e1p7G1pqR1cHvgJBQl7GY1G3JN6OPBejH44taGfY8MCKbE9ABfM3hvvytTFBjCAfenJ9OZ3JY+1P9eJzNZ6SWkOcq9lTyUwJLxfc2Zsa3OWCbMBa4Pmq1jeD3BHGxZpdZxIjobboncAoI2IBcqleXLrQrRn+jL+Jj9s2uAOkkhlmWKH078ibtGv4nmfn7Oewh46pSSXn8nc2kyG3konpAlBjSceoDhL3wtGG8Y53Py4JQ4xvLy3oMQ+Ncwtm3TkQgb4t0XAxWxD/x9g9Or74Dj9HwIDtzTh7H3WqZ+NoOYSsbnhrPOyzQtCve+Wk+q2qgGH3777HazOoAiObDblr7Hua0mXRz1v6w4WZnw+Pj8bkG1QHrWh9Xg6G1zsLkNxny1iqjlXzy+RIg8UIaJ98OLwFNKfN+33j1fs/oGm9gkVIrYPmam43S0Ci6Ko9YXW6/dnNrA2UIQI12xYPLgMnlRN0FEStAD+mAcNTa/orUistDi0dT9zwe/xg0kS9dWboAprQc6s39nujHfQTBZ+LsCwKt7MVHoeKR8QQ7uPnweP2le0TOLGGfXHs8rlAYeg9JR8m1sDCOoc3AB548bm/laWgdZHlVXWLo4dbFRhtWey2th3h8MB+8bfTR1HABy0j+X7TLxrIsBphbSD2nyPeYwyi/oQ+BzHaP71SfGRKCbaTSD65d80Cex4Dyib5DS1mXfg5TTsJNb2RcjggLH1PIJcdA0B5USTXdo1ZWRjyLHcrRTrqmvu4+2pSfbSA2CaXMdYuYbljlaUt9EX6mABcLXY6q2ToyXSJx8u2hc+Op5Hvtyz/QnIMKO/Vekoy5jkAn5p6adS9lHQWCle3Sy3VpxDmnM86OPKNmpHOXoJiPwf1goQ6XoMavVtNnT+zr9S4hUxX6ZNM07OSNP9mv0quJpfx5Di3tqHtTmpeTuSl1Nf62lfsSbZB5hfAPbyI7GfaVdhKBOH99u621xLEV6gpI7Xk3Lr90zVg13Ew/Q5UAqI2AAxipfd+Llky+nV6iCe8JRvmLzVzauCBZuSs8YT5id7JPGgJhUvIRJQZVDjvDocpGSPy6Zlrv68gjjFRU8HGN5s/YQIWMwYlvqn40UkZLlAQ+pwTx9nX4AcbEpP7+QQuEWdIJIe3BF</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-05-25 11:01:12,557 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:12,557 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110112Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_hfm9ef8xvu2fvbgkkaua7csibiei5s5yxogsi2f|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_207a07fa380fc5f0f7ff3d80d13ed934|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxpWT6inzbkaikNe8PzTBnV22kOkSzcwtU4phGeBURmI/lXYcdg8bL2xo81/dF8mEEsVdmu3onkxdwuNkEvBl7BTlrLEhBCp6gdw/NFlEATVtfIV+xHPnCboAnoXunCum8X/cOyyIiMSuIcP4/aLnJXaDtfIJFyiQ=|_5a73f76f1541e133d1d09750b0dc1315|
2020-05-25 11:01:12,676 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiZGI3YTg5LTllNzctMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:12,676 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:12,676 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:12,676 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-0bdb7a89-9e77-11ea-8004-81d9d263515d"
    IssueInstant="2020-05-25T11:01:12.545Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:12,677 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:12,677 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:12,678 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0bdb7a89-9e77-11ea-8004-81d9d263515d', issue instant '2020-05-25T11:01:12.545Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:12,678 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:12,679 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:12,679 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:12,680 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:12,680 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:12,680 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:12,680 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:12,681 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:12,681 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:12.681Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:12,681 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:12,682 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:12,682 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,682 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:01:12.682Z
2020-05-25 11:01:12,682 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,682 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,683 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:12,684 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@31a5b46d'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@31a5b46d'
2020-05-25 11:01:12,685 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:12,686 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:12,686 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:12,687 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:12,687 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _9cc0bb94e0d4306e8260855caf9a2007
2020-05-25 11:01:12,687 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _9cc0bb94e0d4306e8260855caf9a2007 to Response _c4b1aab803501e5a173c17b987c82e16
2020-05-25 11:01:12,687 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _9cc0bb94e0d4306e8260855caf9a2007
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:12,688 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:12,689 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-0bdb7a89-9e77-11ea-8004-81d9d263515d
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:12,689 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _9cc0bb94e0d4306e8260855caf9a2007
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _9cc0bb94e0d4306e8260855caf9a2007 did not already contain Conditions, one was added
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:12.686Z, to Assertion _9cc0bb94e0d4306e8260855caf9a2007
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _9cc0bb94e0d4306e8260855caf9a2007 already contained Conditions, nothing was done
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _9cc0bb94e0d4306e8260855caf9a2007 already contained Conditions, nothing was done
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:12,690 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _9cc0bb94e0d4306e8260855caf9a2007
2020-05-25 11:01:12,691 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,691 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,691 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:12,691 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:12,691 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:12,692 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:12,692 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:12,692 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:12,692 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:12,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:12,692 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:12,693 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9cc0bb94e0d4306e8260855caf9a2007"
2020-05-25 11:01:12,693 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9cc0bb94e0d4306e8260855caf9a2007 and Element was [saml2:Assertion: null]
2020-05-25 11:01:12,693 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_9cc0bb94e0d4306e8260855caf9a2007"
2020-05-25 11:01:12,693 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _9cc0bb94e0d4306e8260855caf9a2007 and Element was [saml2:Assertion: null]
2020-05-25 11:01:12,694 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:12,695 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:12,695 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:12,696 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4b1aab803501e5a173c17b987c82e16"
2020-05-25 11:01:12,696 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4b1aab803501e5a173c17b987c82e16 and Element was [saml2p:Response: null]
2020-05-25 11:01:12,696 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4b1aab803501e5a173c17b987c82e16"
2020-05-25 11:01:12,696 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4b1aab803501e5a173c17b987c82e16 and Element was [saml2p:Response: null]
2020-05-25 11:01:12,697 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:12,697 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:12,697 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:12,698 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiZGI3YTg5LTllNzctMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:12,698 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiZGI3YTg5LTllNzctMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBiZGI3YTg5LTllNzctMTFlYS04MDA0LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:12,699 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_c4b1aab803501e5a173c17b987c82e16"
    InResponseTo="id-0bdb7a89-9e77-11ea-8004-81d9d263515d"
    IssueInstant="2020-05-25T11:01:12.686Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_c4b1aab803501e5a173c17b987c82e16">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>gnsZ+aPbDvGmLi34hhUJQVMt4Sf95xqn2/2yAiNk61gg1rey6SZI6/HxwloKK2sD/TWaXFjXlN5yHz9Q7YZWbg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>nfTQJKu1g1yy5TuJ4lg+XyVOBaxRrynmMGTkItbDW5hb48BtITxt6onXB6AOT5P/NgvD8g0rDpQC6hMyL74OX5XGqRMvtGMJl7XHnTBCcGXERdXykfY4naLiAJ1TKd0pAmmDLjybRJlGYxYb/gBqMdzogZ07QCYGOOlJwKNsRjAUV3iTYuUOKyjfUuQgNR4B54o77SpbjiX4Ur5mcB55Fhp/c1L8Ia8he8jlMsrr7r1GFeL8FvkoM1HBvtFKWnuOsCEEaAD1IRih2oSk+IAfWvmKbs4yTnaYh8OmbP+uI4oB2PDtHDusWnINsQlOBMDJ09n0tj5S19swQi5S/1n2iQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_9cc0bb94e0d4306e8260855caf9a2007"
        IssueInstant="2020-05-25T11:01:12.686Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_9cc0bb94e0d4306e8260855caf9a2007">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>v3LTxrHgQ+AYBPXDApa+eetxNZHO+VjHeZH3ymMAoOY0UjPQ806bgkYSa7yfpH3hQaoW9n/GrUrtq1jputWI1A==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>gE7ctkVvvcKAluc2jwTEkeYlPmX5o+PQcf2CtXINoo4780Z5GLhxpLMkoZb/0sDuQ03FYmgBJmxoUDaPw/YwWsgp7LfPl3KO52mN+LT6/ufKqrRoEG1ULVctDPYPOzkcPVVJ+9Fuugrl/hoZH6o0NjwRn+dXxRPpa7RzCjEcCzi2AFYIv4qq+2Bz/XknwcoT0L6Z1gQOgy+WXuX+UeIUK1BrDD8zpoKeoMVkfY2Ty5zdPXTC3DC/r1aRGdY7XToUUM4WpXsDCBkiVbE21W+QnnkBskisl4JxvsgRzkJkZzaisJPNv+irHwQZagdoi30lABQoSYyIWr9XQpBQkZnx5g==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-0bdb7a89-9e77-11ea-8004-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:12.689Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:12.686Z" NotOnOrAfter="2020-05-25T11:06:12.686Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_af1b0a1df1f4c8abe6e7d0d38c5cafa7">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:12,699 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:12,700 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110112Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-0bdb7a89-9e77-11ea-8004-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c4b1aab803501e5a173c17b987c82e16|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_9cc0bb94e0d4306e8260855caf9a2007|
2020-05-25 11:01:14,108 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBjYjI5MDFiLTllNzctMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:14,108 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:14,109 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:14,109 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-0cb2901b-9e77-11ea-8005-81d9d263515d"
    IssueInstant="2020-05-25T11:01:13.954Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:14,110 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:14,110 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:14,111 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-0cb2901b-9e77-11ea-8005-81d9d263515d', issue instant '2020-05-25T11:01:13.954Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:14,111 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:14,112 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:14,112 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:14,112 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:14,112 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:14,112 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:14,113 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:14,113 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:14,113 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:14,113 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:14,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:14,114 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:14.114Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:14,114 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:14,115 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:14,115 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,115 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c to 2020-05-25T12:01:14.115Z
2020-05-25 11:01:14,115 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:14,116 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,117 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:14,117 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:14,117 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:14,118 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@d085c69'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@4726cac7' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621937484527' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@d085c69'
2020-05-25 11:01:14,119 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:14,120 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:14,120 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:14,121 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:14,121 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f6f1c121aeb54e0a76cf017ba116c67e
2020-05-25 11:01:14,121 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f6f1c121aeb54e0a76cf017ba116c67e to Response _e05484107d88a4da0c770ed111cec2bd
2020-05-25 11:01:14,121 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f6f1c121aeb54e0a76cf017ba116c67e
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:14,122 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:14,123 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-0cb2901b-9e77-11ea-8005-81d9d263515d
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f6f1c121aeb54e0a76cf017ba116c67e
2020-05-25 11:01:14,123 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f6f1c121aeb54e0a76cf017ba116c67e did not already contain Conditions, one was added
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:14.120Z, to Assertion _f6f1c121aeb54e0a76cf017ba116c67e
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f6f1c121aeb54e0a76cf017ba116c67e already contained Conditions, nothing was done
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f6f1c121aeb54e0a76cf017ba116c67e already contained Conditions, nothing was done
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:14,124 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f6f1c121aeb54e0a76cf017ba116c67e
2020-05-25 11:01:14,125 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,125 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,125 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:14,125 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c
2020-05-25 11:01:14,125 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:14,126 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession ae9f44cb6f5fcbba1148dd1ff6eaffb389a3cd3766413ad949c630eb4df5162c: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:14,126 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:14,126 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:14,126 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:14,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:14,126 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:14,126 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f6f1c121aeb54e0a76cf017ba116c67e"
2020-05-25 11:01:14,126 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f6f1c121aeb54e0a76cf017ba116c67e and Element was [saml2:Assertion: null]
2020-05-25 11:01:14,126 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f6f1c121aeb54e0a76cf017ba116c67e"
2020-05-25 11:01:14,126 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f6f1c121aeb54e0a76cf017ba116c67e and Element was [saml2:Assertion: null]
2020-05-25 11:01:14,128 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:14,129 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:14,129 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:14,130 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e05484107d88a4da0c770ed111cec2bd"
2020-05-25 11:01:14,130 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e05484107d88a4da0c770ed111cec2bd and Element was [saml2p:Response: null]
2020-05-25 11:01:14,130 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_e05484107d88a4da0c770ed111cec2bd"
2020-05-25 11:01:14,130 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _e05484107d88a4da0c770ed111cec2bd and Element was [saml2p:Response: null]
2020-05-25 11:01:14,132 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:14,132 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:14,132 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:14,132 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBjYjI5MDFiLTllNzctMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:14,133 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBjYjI5MDFiLTllNzctMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjBjYjI5MDFiLTllNzctMTFlYS04MDA1LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:14,134 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_e05484107d88a4da0c770ed111cec2bd"
    InResponseTo="id-0cb2901b-9e77-11ea-8005-81d9d263515d"
    IssueInstant="2020-05-25T11:01:14.120Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_e05484107d88a4da0c770ed111cec2bd">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>7cL0T541ELr2LLYDiO19RYTRHOYmzN9JxT+Jy43erUq6QO1WbSdH1j9d2mwC603bPYl0lkcNp3GMa8ljvFjuxw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jVbdB2o4pYpTcXW1qoix6E5cnyELlfnOrIe0ngZccl/46ObXLzaGKJu/Jn3FjZZ0obpwNySBozxa6w/5QnhjQD/bDoksDWeDR1lhFylFiGqI8fNT6x6bAeLoF4vHAw9su7UD5hb3AQMb6Da6016WioEiKmoA4Zs6lWTzYv4WZdGG/huUNH1O2ujRMnqzvXfRTkOkLFMoJ7cyRHNsaYh0lC+bGG4itNpfNsMDu94Nq8t2Dfkn5DGvnSf0xT5Qo+FIg9iPg89lg2Q71domyTXF04MWIAYHEiGsnvPZVth1rarbylHT18awr3/21GpRRZ63EDLONgt55ZdCt5wLzIZeWw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f6f1c121aeb54e0a76cf017ba116c67e"
        IssueInstant="2020-05-25T11:01:14.120Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_f6f1c121aeb54e0a76cf017ba116c67e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>GC/46lYKHzta9LhM1OttusNKOGNTh3T7h8vKCReCt12C6imfHH1JhhNWYw/Dt76sq25mA7PGfagdn5cr8ILsUw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Wf0u5+GRY7kSfhJLUhVaQUvuefwDIiBENQY7Gojr1sgpigFMIs9RgbXHbQangng3OpC8JOoKwAWSk7O6i31vQp6r4XlmmPg6C28AFnRNaROCbko3K32XJl5iL1cGGmytuCPmX0PWp1pf9dQAXQMKyS8DCornumawTTnCvy8I+s3iNZXMi84MAksnXTOMiWMfMcnVAaaewV5pkyYSZyFwfGJUxr7hRQwJFnAf43XQxMifl148fHNWHWy1m78ilJiNV9x0RpkbSNsANs9EbIukKnNa2GQk1brEfVPfhnOQ6K+m72zAQqQCq5+XTXzH/2mEBJGoQMDucd3W9KKwyB77pg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="id-0cb2901b-9e77-11ea-8005-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:14.123Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:14.120Z" NotOnOrAfter="2020-05-25T11:06:14.120Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:59:40.773Z" SessionIndex="_792642ef139aeb61b41be16369db2a59">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:14,134 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:14,134 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110114Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-0cb2901b-9e77-11ea-8005-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_e05484107d88a4da0c770ed111cec2bd|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_f6f1c121aeb54e0a76cf017ba116c67e|
2020-05-25 11:01:16,909 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: TST-105586-883DuofQiR1VTdirxS3lfwqd3we9YE5a
2020-05-25 11:01:16,909 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2020-05-25 11:01:16,910 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
    IsPassive="false" IssueInstant="2020-05-25T11:01:15.899Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    ProviderName="pac4j-saml" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer
        Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>YAlYY4w1nV54E3dSwcr4PKq6N+kFkZ7AqSFiJcOswDk=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
kAbUOOkVNYoKntWSWuRDPf6opPfJsYcQSrxHRgPu+XQDI+EM5y6Ffw7UoU8nI7snPY3pGQ2PwPGF
5oaVa6aAYneRG4wkAYsuEkRS3Y4rG70MNa96D9kVN7PRkPVR7pq1mHof4CWSiztw4mP0N7FlVE2J
vBoGUGC+v37HikP7ctOn6JEQZLTOl+qgndgG2t123sp3aNoSwoi1lyqZvFzN4tdE0rnven33qh6k
Rs1xL2/lSLX1ynnokIj/PbEe0ueHhCiNF/TTR7UcRvvMgss+F3lYGyZ42jI+CYBfcrSdJ6UICnUa
wtEh5RDEQGDpOY1Dxzb9TSPUKkCE2IrhikEAIw==
</ds:SignatureValue>
<ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</saml2p:AuthnRequest>

2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:16,910 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-05-25 11:01:16,911 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:16,911 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:16,911 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf', issue instant '2020-05-25T11:01:15.899Z', entityID 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  modulus: 25218632289878887470728701898989230903925460534470464262987089359900092236249155787311083615922566996588882686327254334965631006516764358542556784571993117841615795846983701202567812629440880488414844862491363773592778158558705049021795669354428797347719681579572749594906032259298025269480636673827053368207548760338633177397009149003080015959043356697060516917100235185397117902752192715861531350694962747781011832502440226911816306381078043102881237946262430586623622800161283685092311342398263730543997237261306772360529013060055263916368941241698720371281723901324390991801957832354836844648583493845781599295821
  public exponent: 65537
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf and Element was [saml2p:AuthnRequest: null]
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf and Element was [saml2p:AuthnRequest: null]
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
2020-05-25 11:01:16,912 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:16,912 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:16,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:16,913 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:16,913 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:16,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:16,913 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:16,913 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:16,914 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:16,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:16,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:16,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:16,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:16,914 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool
2020-05-25 11:01:16,914 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2020-05-25 11:01:16,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:16,914 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:16,914 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-05-25 11:01:16,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:16,921 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:16.921Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:16,921 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:16,921 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:16,921 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-05-25 11:01:16,922 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-05-25 11:01:17,085 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-05-25 11:01:17,085 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:17,085 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-05-25 11:01:19,513 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2020-05-25 11:01:19,513 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2020-05-25 11:01:19,513 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@673114756::identifier=rick, context=org.apache.velocity.VelocityContext@71f4f80d]
2020-05-25 11:01:19,514 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@673114756::identifier=rick, context=org.apache.velocity.VelocityContext@71f4f80d]
2020-05-25 11:01:19,515 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2020-05-25 11:01:19,515 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-05-25 11:01:19,515 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-05-25 11:01:19,515 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 8b7f54d401cff2c65e344289ae16d469b095c59a00700871c1a0c97cbfc5b092 for principal rick
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 8b7f54d401cff2c65e344289ae16d469b095c59a00700871c1a0c97cbfc5b092
2020-05-25 11:01:19,516 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:19,517 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@348a8b92'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:19,518 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'cas.traveldoo.com'
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:19,684 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-05-25 11:01:20,200 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-05-25 11:01:20,200 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-05-25 11:01:20,200 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200525T110120Z|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|AttributeReleaseConsent|rick|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1621940480201}'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool]' as '["rick:https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool"]'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@348a8b92'
2020-05-25 11:01:20,201 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:20,201 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:20,202 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:20,203 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _f757a5fec105b14675d7c529d3b4d10a
2020-05-25 11:01:20,203 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _f757a5fec105b14675d7c529d3b4d10a to Response _b4ea34f54e5b66031ed2c17dfd918970
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _f757a5fec105b14675d7c529d3b4d10a
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-05-25 11:01:20,203 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-05-25 11:01:20,204 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:20,204 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2020-05-25 11:01:20,204 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2020-05-25 11:01:20,204 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2020-05-25 11:01:20,204 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2020-05-25 11:01:20,204 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2020-05-25 11:01:20,204 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:20,204 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx83xbe1OF4Zli6UIERof0G3oYCo5Qeo4j7S6VueRKlJpZVMTs/66Yyha5vrH6SdDg3nmlXWKv0cC4GdRjM8aKFKS9xUiegZCDlruq4wIglfxLMER8NPnpLCeQQQqYJzKEtB7a78J/i0WHoeZS9Bpj8hEfWvRdyVg= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.12.208
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _f757a5fec105b14675d7c529d3b4d10a
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _f757a5fec105b14675d7c529d3b4d10a did not already contain Conditions, one was added
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:20.201Z, to Assertion _f757a5fec105b14675d7c529d3b4d10a
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _f757a5fec105b14675d7c529d3b4d10a already contained Conditions, nothing was done
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _f757a5fec105b14675d7c529d3b4d10a already contained Conditions, nothing was done
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool as an Audience of the AudienceRestriction
2020-05-25 11:01:20,205 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _f757a5fec105b14675d7c529d3b4d10a
2020-05-25 11:01:20,206 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool to existing session 8b7f54d401cff2c65e344289ae16d469b095c59a00700871c1a0c97cbfc5b092
2020-05-25 11:01:20,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool in session 8b7f54d401cff2c65e344289ae16d469b095c59a00700871c1a0c97cbfc5b092
2020-05-25 11:01:20,206 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:20,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool and key AAdzZWNyZXQx83xbe1OF4Zli6UIERof0G3oYCo5Qeo4j7S6VueRKlJpZVMTs/66Yyha5vrH6SdDg3nmlXWKv0cC4GdRjM8aKFKS9xUiegZCDlruq4wIglfxLMER8NPnpLCeQQQqYJzKEtB7a78J/i0WHoeZS9Bpj8hEfWvRdyVg=
2020-05-25 11:01:20,207 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:20,207 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:20,207 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f757a5fec105b14675d7c529d3b4d10a"
2020-05-25 11:01:20,207 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f757a5fec105b14675d7c529d3b4d10a and Element was [saml2:Assertion: null]
2020-05-25 11:01:20,207 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f757a5fec105b14675d7c529d3b4d10a"
2020-05-25 11:01:20,207 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f757a5fec105b14675d7c529d3b4d10a and Element was [saml2:Assertion: null]
2020-05-25 11:01:20,210 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b4ea34f54e5b66031ed2c17dfd918970"
    InResponseTo="_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
    IssueInstant="2020-05-25T11:01:20.201Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_f757a5fec105b14675d7c529d3b4d10a"
        IssueInstant="2020-05-25T11:01:20.201Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_f757a5fec105b14675d7c529d3b4d10a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>ei9z6WmY1hQ82ipv4GEoYWIZ6Myeu89uZy8fIzo1RJTAO3V7+VN5uKC/TcNu4kjRvUceBELQKpCEuPuzW0ELYw==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>slbWXP2BjJwerq0G9rk1IuZXHVktoginAMOhD0wZcPoXlQ1a2+XAbNkBj2zmDRGM41ZWp3kLLT3yhOdVCEmVxxFNtkjaShgG7J3wFGWTAeaeHJlUlWjygGSoUG/ZITNm+RsUrWpWm5Q2h8OcVlNui42ReSDsVPRrDXlImV0SLaKL6eZu/E+FKDsXiErmHZ2tRzU7DO7pktDpHcteLKNjazIQKpUEcqdoazut6HF2kNGP1ecY3yKGDmyDFlcnnuP7wJlhIk/YBCYisJXQtc7nlgK/0haExwGH9512zSqDgVKzL/WEy8aRH17jFpWSnRkuTjAwn8nAa/DwHDCU0Zx6Sw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx83xbe1OF4Zli6UIERof0G3oYCo5Qeo4j7S6VueRKlJpZVMTs/66Yyha5vrH6SdDg3nmlXWKv0cC4GdRjM8aKFKS9xUiegZCDlruq4wIglfxLMER8NPnpLCeQQQqYJzKEtB7a78J/i0WHoeZS9Bpj8hEfWvRdyVg=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.12.208"
                    InResponseTo="_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
                    NotOnOrAfter="2020-05-25T11:06:20.205Z" Recipient="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:20.201Z" NotOnOrAfter="2020-05-25T11:06:20.201Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:19.515Z" SessionIndex="_125a7e7baa0b163584c773a344319bf2">
            <saml2:SubjectLocality Address="172.31.12.208"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:20,211 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:20,211 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool
2020-05-25 11:01:20,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b4ea34f54e5b66031ed2c17dfd918970"
2020-05-25 11:01:20,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b4ea34f54e5b66031ed2c17dfd918970 and Element was [saml2p:Response: null]
2020-05-25 11:01:20,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b4ea34f54e5b66031ed2c17dfd918970"
2020-05-25 11:01:20,211 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b4ea34f54e5b66031ed2c17dfd918970 and Element was [saml2p:Response: null]
2020-05-25 11:01:20,213 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:20,213 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool' with encoded value 'https&#x3a;&#x2f;&#x2f;cas.traveldoo.com&#x2f;cas&#x2f;login&#x3f;client_name&#x3d;SHOP_DEMO-demoPool'
2020-05-25 11:01:20,213 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:20,214 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'TST-105586-883DuofQiR1VTdirxS3lfwqd3we9YE5a', encoded as 'TST-105586-883DuofQiR1VTdirxS3lfwqd3we9YE5a'
2020-05-25 11:01:20,215 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://cas.traveldoo.com/cas/login?client_name=SHOP_DEMO-demoPool"
    ID="_b4ea34f54e5b66031ed2c17dfd918970"
    InResponseTo="_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf"
    IssueInstant="2020-05-25T11:01:20.201Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b4ea34f54e5b66031ed2c17dfd918970">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>4zVBzWsKisJdzKagJhng6d5yYiP3LP65vkTmMeq3f3PgQK34stwreAjfdyXfXTd7DnmjTYFx0Yd1SWqJnSVHEA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>npLylkJmPxD7HUEbRV+tZzDtLny3z/Hg57ee6xWFd2vIckbIm21eXOHRp2SIsovYWBhPeh11x0WJKULlm9uOp4ZpVDCf7RckzAqnvUvwud74UxpWhJWqUH1YJnl9K2ARwwKeepjj3urep1vATXn6p6Xdg3Op0aK7U0WRdqczoGNvPDfAZBvAue6Vjumw27LfGxGEJhW8CugbBvpeeGwaMCZU6ab6hYxKOTbh5mM95cxCz0mEz3XkwOn2pOAHlZz0pmQHb4P5cLWR5bvr4kPFRIKf7d/wflokPwq0iCbuBMmvATs0qvJCocOeD2hnKapAyuC8M6TEAmFEih6NbVEr1Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_bba01ec8e942642624224d3bb10283b6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_78815649d4f890578af2c3cce79a1f63"
                    Recipient="https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIG3zCCBMegAwIBAgIQQz+6aNgS3/ekiR6yAYqRiDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQG
EwJGUjESMBAGA1UECgwJREhJTVlPVElTMRwwGgYDVQQLDBMwMDAyIDQ4MTQ2MzA4MTAwMDM2MR0w
GwYDVQRhDBROVFJGUi00ODE0NjMwODEwMDAzNjEdMBsGA1UEAwwUQ2VydGlnbmEgU2VydmljZXMg
Q0EwHhcNMTkwNTE3MDcyNDE3WhcNMjEwNTE2MDcyNDE3WjCBvTELMAkGA1UEBhMCRlIxGTAXBgNV
BAcMEExFVkFMTE9JUyBQRVJSRVQxEjAQBgNVBAoMCVRSQVZFTERPTzEdMBsGA1UEYQwUTlRSRlIt
NDI5ODk0OTY3MDAwNDIxHDAaBgNVBAsMEzAwMDIgNDI5ODk0OTY3MDAwNDIxLjAsBgNVBAMMJVRS
QVZFTERPTyAtIFRSQVZFTERPTyBTQU1MIEVOQ1JZUFRJT04xEjAQBgNVBAUTCUMxMjY3MzAwMzCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMfFIePsB5lY3rbjqKdqyao2d8DIW8xB1GzP
+m7dzx/KXvO2KSKTsvjJm76b/rBXkUeYAdQ3rOSthxFGW4vEVk/CURR9ezCzBNtgplcg7GvcJ36K
r1h1XRbGj1SM+dgFM6oFrtf9rpuNGoFKyjxFMu7oUuecALhUDlV/rH6D14qXKeH/lVwR10r5aNp8
OCqa1SjK+BJnCsIyBo6GB65AMrzSt/sP0m3fTiB6lanwVoBeTBbHIq0HEp+wCXChxxalbFGdfssg
EG5TYW1JiIVCKsNUwPFIC0CoWAonWQOzK7BUh8TvPzwrVvfxU5e1iJhdGhubYM58Ap1N1mxULdfJ
GU0CAwEAAaOCAhgwggIUMAkGA1UdEwQCMAAwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG
AQUFBwMCMGUGA1UdHwReMFwwK6ApoCeGJWh0dHA6Ly9jcmwuY2VydGlnbmEuZnIvc2VydmljZXNj
YS5jcmwwLaAroCmGJ2h0dHA6Ly9jcmwuZGhpbXlvdGlzLmNvbS9zZXJ2aWNlc2NhLmNybDCB5AYI
KwYBBQUHAQEEgdcwgdQwNgYIKwYBBQUHMAKGKmh0dHA6Ly9hdXRvcml0ZS5jZXJ0aWduYS5mci9z
ZXJ2aWNlc2NhLmRlcjA4BggrBgEFBQcwAoYsaHR0cDovL2F1dG9yaXRlLmRoaW15b3Rpcy5jb20v
c2VydmljZXNjYS5kZXIwLgYIKwYBBQUHMAGGImh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuY2VydGln
bmEuZnIwMAYIKwYBBQUHMAGGJGh0dHA6Ly9zZXJ2aWNlc2NhLm9jc3AuZGhpbXlvdGlzLmNvbTAd
BgNVHQ4EFgQUAQeJnFJGEehQVnb63+qglgTsPZQwHwYDVR0jBBgwFoAUrOyGj0s3HLh/FxsZ0K7o
TuM0XBIwVAYDVR0gBE0wSzAIBgZngQwBAgIwPwYLKoF6AYExAgUBAgEwMDAuBggrBgEFBQcCARYi
aHR0cHM6Ly93d3cuY2VydGlnbmEuZnIvYXV0b3JpdGVzLzANBgkqhkiG9w0BAQsFAAOCAgEAUSPu
U/GSk6+VFzYrRBLjORyGiA9EJ4dQ3TVrl4moUMuRj9Jvm9GWu4vAtV68YyOs0qTzMmUlm7H1THNq
LW9MPiTgxTv2JlHPu2Z4Wes13fhxclPg3W7qoCKeGwoZrLhuc7CMJPBUzLm7qB+sjfs3MfGqc+JO
5lKjfV4eZL7t0otILHRKxvR4iPNufzuT7/yodfElSqKozFkfz3C6TrrwnGqD6U0xXjIugDY4O1Jj
/X356MOTeFtmtAzIzPH9SMfML1oMf+t8HeOo5Kvzaptka6V3y/1cCuX918htJ6iEMI2VC6ayVQ8K
I5wNwuYuvzjysObbf4r52Gt/FcGMFou3IzU1PioGiVnvu/sJqy8XXvZXI+42XwcggEx28gfDcEF/
BWd2dqnXVPS8nIbPAcz1TaJ6jONUTRQEO/ijT1xncAYb0vYUPN9dAyrLBc49bPX3NdRzQEgoN9ny
hdL0xxf6tAyUbIrscHyW4OKI2Q+gltm1OHEwRaNbyEBarQFmVbuTJbu+23ivqGnZ44M8NLGtTjNT
qhM35kLwl/zoa+F3HMl45qxWwd3ru7WTJrLBwyNUl9Rg+KRuljm0EbsoRc1DuRvd2Ce9PmZsqHMY
Ypxuk+vEEpWHacOABdm/s8uS5HyZxocfPmvpMf3nEtLjA1kSAB473XWY9FNnIs0uOEl7S+k=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>dsfXBg/oVDPL5HnczjpmlcFFhfDfWVPG1iu2JyB7MuFm4B6LzuJSBoxdza3zN7Kv3IUnjtiQvF84O7R3R2fS0o5QRVaZwTadnEfNmqOxdrH+Xh88TrUqziPRxCmajhbqHpPT5tvWxQ1relS/HjhL+hFSAcX4gd3rB154Va+FTbMbm9JEg2gy1upZSSw2BPNp4ZfWvtDMMSr9wU3gTmnPs4pAHs93Evqj3CchqtX0VZNKiB/fLgaRjq8OCNGachhH5hUkVu5nAKTH3g8aXPFZSpFCW8p4v9lc8W1mM8Ri2wghSdJJoz+AFgbXnr8C5vH+eevGE9eIK+nJNUIpTGPYCQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>RXuCaPE46EVDz61ZShIHyB4HbfVKjk+O20R5Nnx+1+k7EyE0uBQhA/4tttIRN1bCh6HXg+ZNCGJIB8laXvP/GJ/qBYXONup5+3/cTnWXAhaF84kfUnaZkZezjocKDDGqS6nbpTxxIXbswgu2t6mLxGZ2UA/0a9/ml7XYMkIbedHOfkpzY8HzUK6JG3AkC57p4PpZKzA2Dy9o2zcI8JzctdeSsmENKu1yG4KwfdBDwGjmYRsm+z5Zfsr5YuhO9DM0u+yIIIhqlId81AV61N1uvyO+dQMzQBgE7IJhekjFl1m59N/Dx865Pib3odfMfPmtjqRK35+kSnJIpeTNolUlOviLpqk/zGFtOhRBGYPmaBzTOl9BX5hOy0Z92UEaolWGLhvGF1o8yfyxMfQw4xEbOMUytfmxUWDdXHiejp1/g+ef4jfLh0JU4PqX93ZJDrzVt6BkeEcffA9XakBHoB2czy38UZscy7Bydce99vadB7QvnLggse1n6khOXDKYMNHeiPpdG67qVvHiJg6rTVxPVdKicCI7Ikd1HoNo//gBcbAXWQfn3u+YW0VC5fPklIgBYBeko8JjKsqOh2e11eXjWr8gIfYdWEoVaEpfZmlMY8NgPBKJaxv6lga4XkOdZ1jFVNS0Spz+JKVJkuAJD01QvkoD1GRbEi2YnE08DLIF4FCtqmnj/TAyHjANoun0yIeVdFdbCephGJAXa+2UxJQDE9J9XvHpcoc7ER71tIvm8keyvfRY5wCMbddRM03hfsf0rISfqTbzbvfLLSNZz5ggJ4Vnj7yjYLpBj7/8jPIr8iRmpJslinCJMTZ5rnHtV8pvb+CqN/JxuO8QHhsB/EUvXK3pBWwvKRfA4g2RW0XOLvucBbZcZHG6+Skbee7qzhUTSBRYs5STMlA0Wcogz0rNaoujn6D9nSzAeyzProrz4MCLIkQcdJc4wdCKTLgkpA9HmTnbwVkbO2FkeMjLNzT4y+JLu+QUwbhSoBhmdMJ2iona6jCAh7O6z4piJ37233xxOQ6ZwpJbqpsg/oN3iJSAwhiB+XJKsuzyW2MT3BpgF9wrh9KeR/BiVaSbuN/yA/xMrRspeSRWDivP7K/C6IUGi9K2PSMH65n4gtMNnCGb+t+eojUrd4om5RZX+PPEFLnq/LbITRhtq3x6WVmDzZ2uqrCznqpcBhsS+VGJDbf5Y1lJDhAkjE9JosgDfLqqQvPHjRptNevoMfdMPEz15zA2siLdKe0bucveargOqmEw8u7eyxAW4Pwu/uX+el6+lDa7/Uky6mxtHapBMMg63Lv89gn2UYj0grs32O4+ET6HXsVJsr9OjBUDXF5vWErOLykdVtqMM3n/fYwgmbLZ1sqK4Kptk5RwneGUfvvVAfMBDnCvccGbJsUmgOjG4hxYH7CqkEe0JJnUn3K5UeS9tQlLuvnYJtWjUxKHQYmKpdH6HbBPSlVpafebWmUUtNEDUdqTLXEzCA74aGrgisHJWh8wCL8zNoCCJfMGGlHytCbo64+Aa0rdhKR2lMVxGWDbnqKOUxLmVaevbskywavUpoSEdQqKVvovwHJWf+7BXUXNVthvjrSaNIHMO4BGUOYX0XF35iasOM5Bnz1Q7dDai9B4J587V6EjUIhPb8CbbEy4rnmacIg5kz9S4ojZctHIYj5VOGGZUcfB01diHkuHh3d3yppr2/1b/k5qsmrfPwH95nDQQtQJzZOxtT8sMp9p/MF0mMkTXpST0XtRJIGYOZlVqiI14xdCsuSH5osuX1ISr/5ii1bMOFWD5WVd2TKL51agG9vTBRLaZKenYotCm/4HLRc3vNcj/Rd8Y46cUrwHnSCvAyuUTr2mEaikBQfEbv/VBRZ6Ns/nYqn+pXGDEPiNXmlqip3XiTgyaTZba/6j3a40eaDwbRbXi6JponoPIXpOiEwXYZVV2Uka4yYvBCXe4Ji64fOsZNJvOZv3lIRwWKds4iQZGFWMqc+/VK5QDNkI9uvB7DcqQpi6Vz8pBKVW7SsNaIdEeaC8TL3SI1eud+aro0IPACM/5vhFeA6xhQCcN4pMvdRKm7lmwvotHHrZ1h/EorlsWu/LR/jsfKpqvQ3sCd4JrHf18y3MrH3lb2bhdgoXORIDN/NrR8czRkhNfdYRSqvJyw1H+GggruWwRIvX8DSSyvG4Q6BPyoyhCf4uMDb+Ktd5tqqxpI2rkk+XXOMnIUW5+2vUnNP4XWOWipsn1NlhkBGWWVXwPJNziKrEKnzzThDK953qPXQ2dm5BU0j8XzOQZDBghIh7gvR+DuXqEkXKEk8+jwZ7vmuJUYd5x//qA+oajBpjDxqsc0Ykm9z/axhjiAOU2SxPsE0flWiw/WQgiyX/lAJtSYMyhemr1W4+5vLf5NKa2yJBOTxlayqXKGzDmclUMwg4jJHwm7sUY+DM9ur6xs6qBoqCetmqFeMoitdx7o1gtkiH/ZTvEPXho0l1gVMeUl6F7dc64fQDo7NnHa7gbQxkL79NI+BWR44EKEs7MaCFleobWsJ+hYQYwBjpiA3jzIpvCTqyBSUux4qLKkGxXDWKY96R/RAPZnSMnVaYs8Xe4eTTbAUBKvR6V4BWmWzLUpCT16HfdZ8ceCQTV3amfsyi0QOlwcbThuvTdkxG9y4rMlQQm4dDWkgSP5Q1LHCuC1Uv5fGuGbjSsVyHiywcjJ0CZCmC3ROLJEc251yAVS4VIP2K1E2FiER3z49Jp88OuWvmJz4g2SnN77LHHkbv9HBNE9EZzvVen6eSiKUwiySVL+xkKGBBwnjyBs7kl6VnI94U6htCVYCK5LAz8q9vEN9Iw5Ey+VuEi4TywqL43LMR7DynISzF7cuEJwQeQTnzgpvhFY+x4y7GR9f1C+rwXXq4kEpjgVfgisyTou67vPwBm096HfjKtPEfK6yCEW2reKualdwi7gsyJ3mvddVDGo7GAwQDT6JPxHq+kYyI5gTkS9HKcQRxcS2N5PemfQ3o9g0Jjhg57v8gCn19lTE1x3afnQMx0FVopN+gUBAfsGbhUdiO1wOkClxzsCkqOLCF0buUtlwr9VPWVjpw5cZjjx60N7WkYMdAsBD3VlAyW/a/3BanEV+LMKmMPIvMzy3XIgAcEPIzC4niEVnmJ8c75xoKyES5d2Dhh3stdQ1edfphMlTCgdXwsH5E8GuoE8ukO07dcsbXYt0X73jkDpnHxO/Od5yXPFIhaQFOGDMygRvHqxS+U+NMqDq79CMU/79N41b2LOlbt9kE3pw/b/wkpOg/14NBycZtgrD8zn3xZYwstNsaUdqBUJLUhCBsPzbIyyy4bVF38QBkPKfIfJXy8t3BGrW3EsZ7RygsfdcmNo9WQKpnwqCFxIkPKu0gMsF843AfaKBImobdSuHjMr3ct3FlTaFfMfLW6YMouxbOMFuJg8vwftyrlVH2nJI12I/AO64ij6N1l0lr3iKF44dqGtHgQC7ngqWcrnYCMcW1nm5xJgseRibtAxZPcJgJN/ybpojvQ7lYCwl8iH79vAHV4PvWWU6p2+UevUymjcBfvGXGik5EjVF8jy+5/m/yctyrSaXtNyBrcKUIZCu2fPe7g5+jtmljjwyhtaI7zQuNtSJRSOwoLTKYd0FHXA8V78PTKgJXKeC2vAF/XkAC3+lLZXvQBtKilDNTUwao9wD2omY2WA2sy+19CDhQxAlM6wnLJggWiuu1qbQ4nmgJWZRcSYnuEWkLfBWX40hUFA7JVGgIihRO1ftIkuU98//PIRTdWyHfQalVLPt75fd9LS7ReDtnmODZSVD/u3QJBJppX3LA6TIPWUjV/lfx9Fev0QJ+w7GtwvptBotsT1kAqZNw5IddnWdXk9gRhzJb0AJeKn07RiQSmBdPutiQhSi6AgqxqObBid2nGuM0qDraDA5nnV2eywFiLqut0ngJB233T2zOrONs3ZBONWBIrkz7FyJdDvlt/GwXsjSKvM75YK5wejdld7Il+Q/7sYJSwsGgDVamXVjoHaYSlhS9ZwhM5MvxwRE9CIhzbQathcQQZcOtPs9glozYspt2vqoGzy7mmd8LpbSawcHJ4D5Jag3ukKUwym0oo6oZWPmKkePwHIAsTFQjmL4X50TkdShljQNofbIUi5dJMkcmTCIbF4ptctm1BKHIQdDmiKGAK2VZVdG7cBbV7RuPuB/g953X5eUcBSI+yqJCZvxgtq0PNuXI6d9yRsuj+r/v7iywPqueALFyxNRC3VForHPdMExpbfzwiW1OMJao7n0s3jGoFrF3ZmBpMHscnIZ0v7RWmfNN8DyIhMswlouAMgn4uTZOCiNtU728U8HTNeTR4rd85P8H2pI5amKDNiXPEzi6Gim4yFZoFk49nnIkwpnYMB+zgMe+egD1pw1GwEgf/xnnDfJT2fz16/Fmz7D0UpSZ4quHlq6dQbIVUxZJ44K/HlBXmKVG+r495/ClMwp65beA/cFHqfjN4BUcJMHJD+OAFXQgVjcs+BYbnCdqY+b6qoT2B3vC8c7gNTn0qdePP/rIB/zow5Hg0Q0zStXzht7ZDP5LI4u4jkjs4qHoDfBEPfXTsWJQJlfyR3tW0VDcUAQBUDELjQEAvtroW3zqWbwXUvyCH3NdxpAE+4EKlyd0aACYC3iZa/B3g7oxGaYzL5SFRvkpXWkzrwlV4tbsrem81wg/37p/vpbWwm7JBCNYbgE7kZNJQutpU3DY3vM8jgyajHEq/W/KphxYzE01/IXzuOikCw3TayuHrzNKIa8G4SeqsAg9Sag+/BhQ1PuS7q8/gJ+hh4JC1zFXGk4BgqOMjvpSnQ7pN+a8sbB3YbyV/0mfYe5ZxRUmVGhg7YNlabAFP7n+zFttvISQAb+2Y0Vbq7+O7Ft/aNPUNrcrqe9Ot+lIoS3riL0EgRY2IXjVOxsbUd6jlny0BfWydlASArTqPeuxWLPLYzQoDLNZhoepdnKNYbTcBpWDpgh9GPeVhVLo/6mzoV1DOXlfpfzkJ4U5+i3FaAmj7XL9l3G2bZ3rsvI7GN/CiJGhdGQBnHRFhVDKXyFT/OySg8G4Z/a8weNY8UluUycH88Q2+7yHRtP7lriIdVVolZZdrs5Bx2lDoJQTClnln/W+4GxG8AARFmDVvFvHgJL9HLbfQARWnkPKgnHSevwCsIxZJJLcQVQ6dYzG08A7cTwZPxETfZNu2TczxX9YmZnZr3ZDjJteXFkg7al4zlMNOG92x7avdYqysv46rPAmlaK3nXp9XbxLI7sZEd7azMOCWUffSulPF9kSnJ0l9N2h2lgmHSOkbu1LlfDVP/OBJc8wzlsabZuBXq33Csd/rti9xt76TbrSKjLNGdd7oM13DrKNJf/fua+GaB+haD7mVfItaA486ib1Tj9fZxxbxX/rp+UUo6oq6Vkqjpqyd73bMAVnYvksavBJ0ARZbF0gAoRRc2R7qHAvT7RQAxPIv5WKipgL97hjv9sGQW78cOLLACHGcQt91uj1XKeIpTKMV+fcpTD21NGmtU+TFRCuyh1Lv7VUwwRO+UKcoj74ZFUg37zOXhTjoXfJfaRI8/v31UeB1KtoGUY4hwwvxvn8E4/wCsuAtTKTqOwvozq6t38wDtKz98Brmzede+GzuOW2Nms1Dsol1tCu4UiXDiebOB/D5QCmv5jgj28WHUHiR5+MQefOEKr0kWvAVlZOqRBmHA35HhOjlb3HkDYaVbSqFIUmCr9+sbLlL9jp/TGl9gGao7Ad2gmGU62Ufd8CxXwYgIfkcew8PxRGqoj4zZJsxXFJV/w0utAH0jc3F65QYZYEW9Ds4ZGooQAzw+8O18At5aqgiKZn4f39kmo8/QHEyHnVOgZGp53vhpYUMGKdlOY53H+LYyDR8VtDicWXR8tl1CLg3M2lunwceYUOEaW8KK1l/A52cu4sZ+FmgsUi6QRnkHngCOl55AT5W08KMYyi5l7tuJR0urF/zuec9H1QrMJeVnPlDWmb06oUt0vnGAtX5VznpQbi4OMH61/iFM4unZ0E98JUFamQPcIs3F1ZDx/CqS0T+ucVAHOc4cNyMY1J4hR2cT9wiiFxeUnZt0mQyHSrWqveXF1WANXev48d974n83lVuzsS1r4/OqyZwWfOnPduhgPovIglySU7Mf/xvEbQdYiL0/JIppDm33jerSYU2Um0OgM16pm5Qd1j6MLQqBM0opp53zmMIGu7YdMuzhyxZZFZtwl2IV0kklTRNz/Qm5p4VrRhu1UzkDXNQkHmSbP835yypIFGSSR/reVjGaUTd7oaoIQnl2wjs6BpL91GvBYdHw/LYJnXBPOfWgjVMPGdH7IoKviL08ErnsKR2EV8QiXS7u6UPagF35vP3bgJZvBcVwfRssH8SJSjscdinitVOTJ8xYY/nV/WtdXA9aLCZ1u73OgVOGBpDpx+YUjIz7tJQwGMXOnQiNlEFLUnEFB/M0AZTknRGm1gJB5WKNS99Dmcez27Z6ISWuEoAoY/VE+3w1+51tvxBuICVNfy0N0YdxHCx4DEkAIuRtD48IOJm77QHC6NbPPMg0zxOPPH6t5A4WdTNzCiR1F/UAMzKULOvfDp/q55n6WpDQlMT2apG5zNpjLhJP6iqPBmpINq30iRg5Bx/on1oA7rs3h2tNI123xm5pI9y5ksSS9GWjLpVdibKywoe5uEDLXya00eTr219Pb3fxbIAoBqiKwOcD+5hqtkhK4YrJXZVYzTzKKrv57ULYEBjMO8QGWk9+dw80BoDFTscpfG9CfDj+IGxOS0+eMyTviKrbfT9JQZ3CpqF0NRuHPxAuI1XhWpOkHh1keAcuZCnRg8AyFwmoET8ByeE4xzmv2GtPWdU0UlFcptUr1DqUb9jPqeWljgVGiamPolafokDGQ2N9dPVDHoF05bSkQIKxqbV1BJSW4SdrgMb9LeXiDdThtUR+Nt28alTBqk/Hwvl0AqTCzsswhqM9xb2aAbtNR9E/v83zt72yKJAr327pWDtrGApkxe4ccI4l+ghdrE2QdH9AddAz1n8pW71vps68CAk+prsGPJWTjFWDN2ueBuKokLFYnN43iVVtwBR4SdeYHA8j899aSqRw3kFHRAWkU3AObkiHzU1+kwoZU/Zb7QxRWUye00+94G7nlU5IhkYjqZvJSD408ztKoGxwYT4b4LVGQp2gX/LXCj+1fG4ynTMd7z7wRDNIA4FdDJUJsAo5Y7yzrRLTu40uaWvHd3PDdnpdiWNp5sOWRxjUW3+25WK1nuSom3y6SIGrNVSdyITLstKoncP7zSQAKmKrNO36iCseWSnHcOR8DW6ztiYdBKIQkA3AmGM6nt5pO73T0jPcdOXdcqRBugXz/sCP8dC2U++PTsCV3Mfu0cOD5LXt19ITXmlCnuYq47sp1LsBFnEIdC5Pzd8pkltvv92egHNJ+l4y9tuxKXb19JzO3LkhGEjwEkoxk8ALw97wE4PGAH+PdP9m8kjFq68QF5h2wU1PgyG8nHn3uw1ewx0NRD6GmV2sl+/5wR/hUAlDSU/T5yDC5f2fBWYkh6reOTK566fMNOwBiejFf1YlEszgn9lfnMHAcG3rdE5HJTTUKKxCDV7JN+wqm8r8EFEE9qT0VCHn/Ul0BthQAEdxDvLOK0bZ9YS3RyJNpxyH7NAewTVl8KXIcH1zkzR6goJr090Oj7JQZBzgp6oNGuRkafuYhejef3A9dFMiObviamrKTPKUpmRctLjUo2pm+Z3R+FR4QknHxrZvJBD63C7qXD7Sh9hqi1xw7KB0em6gGcWKBE69T199CB1VErg6Zq37WkOnF9jd1Xs/hDBQmbRZGo6xM63CcJRn+rjmBeHhBENsgx+xUdoFCU3wZ5Tlq7hoyH6+K60iadSkDI2dpXkSDnWJ6eOUO6eod2m9mSk8ksfETvPVBx+HU/Z4wnWqXtIxrIFs6dzIz928s2zKgVlZZpFkggNhLd+gLnWafkBYV/rHLZ29rZwVPV/hufa22CvS1APXITGIMfCd5WO0nlHGNgweVGXkBdKkhml8BWD0SpdDN2xnhlCC/obvcJCTaBcpvPruiSccQU5IMDc3zDwLkyPthtw+ykkDUsUNtGoPhYk10KmBS2aKsKTY9mq+eK3eqMQHadl/6ToxOMxPsW7BDmY3d5sbppKwum21v3vMdXFZmTmgAzPxwJ</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-05-25 11:01:20,215 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:20,215 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110120Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_lfi61qgodvbmkkzfbxpix6jrkvwz7o2ziknp0zf|https://cas.traveldoo.com/cas/saml2-SHOP_DEMO-demoPool|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b4ea34f54e5b66031ed2c17dfd918970|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx83xbe1OF4Zli6UIERof0G3oYCo5Qeo4j7S6VueRKlJpZVMTs/66Yyha5vrH6SdDg3nmlXWKv0cC4GdRjM8aKFKS9xUiegZCDlruq4wIglfxLMER8NPnpLCeQQQqYJzKEtB7a78J/i0WHoeZS9Bpj8hEfWvRdyVg=|_f757a5fec105b14675d7c529d3b4d10a|
2020-05-25 11:01:23,962 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjEyNDlmMWE5LTllNzctMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:23,962 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:23,963 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:23,963 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-1249f1a9-9e77-11ea-8006-81d9d263515d"
    IssueInstant="2020-05-25T11:01:23.335Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:23,964 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:23,964 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:23,964 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:23,964 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:23,964 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:23,965 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:23,965 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:23,965 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:23,965 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1249f1a9-9e77-11ea-8006-81d9d263515d', issue instant '2020-05-25T11:01:23.335Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:23,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:23,967 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:23,967 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:23,967 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:23,967 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:23,967 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:23,968 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:23,968 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:23,968 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:23,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:23,969 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:23,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:23.970Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:23,970 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:23,970 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:23,970 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2020-05-25 11:01:23,971 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2020-05-25 11:01:24,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'acme.8193'
2020-05-25 11:01:24,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:24,274 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Acme Webservice at port 8193
2020-05-25 11:01:28,081 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromFormRequest:?] - Profile Action ExtractUsernamePasswordFromFormRequest: No username in request
2020-05-25 11:01:28,081 - INFO [net.shibboleth.idp.authn.AbstractUsernamePasswordValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: No username available within UsernamePasswordContext
2020-05-25 11:01:28,337 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'acme.8193'
2020-05-25 11:01:28,337 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:28,337 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Acme Webservice at port 8193
2020-05-25 11:01:32,737 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'sheldon'
2020-05-25 11:01:32,737 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user sheldon
2020-05-25 11:01:32,737 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@670102101::identifier=sheldon, context=org.apache.velocity.VelocityContext@66087554]
2020-05-25 11:01:32,744 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=sheldon,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@670102101::identifier=sheldon, context=org.apache.velocity.VelocityContext@66087554]
2020-05-25 11:01:32,746 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'sheldon' succeeded
2020-05-25 11:01:32,746 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'sheldon'
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'sheldon'
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal sheldon
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 for principal sheldon
2020-05-25 11:01:32,747 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:32,748 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:32,749 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7515bc02'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:32,750 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService 'acme.8193'
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Returning name from AttributeConsumingService Acme Webservice at port 8193
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2020-05-25 11:01:33,052 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2020-05-25 11:01:35,737 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2020-05-25 11:01:35,737 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2020-05-25 11:01:35,738 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20200525T110135Z|https://127.0.0.1:8193/saml/sp|AttributeReleaseConsent|sheldon|displayName,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:_key_idx'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=sheldon:https://127.0.0.1:8193/saml/sp, value=[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1621940495738}'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon:_key_idx'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[sheldon:https://127.0.0.1:8193/saml/sp]' as '["sheldon:https://127.0.0.1:8193/saml/sp"]'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7515bc02'
2020-05-25 11:01:35,738 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:35,738 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:35,745 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:35,746 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:35,746 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _840bff95cf7143e08bfa2480cfa5829a
2020-05-25 11:01:35,746 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _840bff95cf7143e08bfa2480cfa5829a to Response _d378d78214b1d0ce78c7c34c4029db4e
2020-05-25 11:01:35,746 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _840bff95cf7143e08bfa2480cfa5829a
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:35,747 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:35,748 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-1249f1a9-9e77-11ea-8006-81d9d263515d
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _840bff95cf7143e08bfa2480cfa5829a
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _840bff95cf7143e08bfa2480cfa5829a did not already contain Conditions, one was added
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:35.738Z, to Assertion _840bff95cf7143e08bfa2480cfa5829a
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _840bff95cf7143e08bfa2480cfa5829a already contained Conditions, nothing was done
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _840bff95cf7143e08bfa2480cfa5829a already contained Conditions, nothing was done
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:35,748 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _840bff95cf7143e08bfa2480cfa5829a
2020-05-25 11:01:35,749 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:35,749 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:35,749 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:35,750 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:35,750 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:35,750 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:35,751 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_840bff95cf7143e08bfa2480cfa5829a"
2020-05-25 11:01:35,751 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _840bff95cf7143e08bfa2480cfa5829a and Element was [saml2:Assertion: null]
2020-05-25 11:01:35,751 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_840bff95cf7143e08bfa2480cfa5829a"
2020-05-25 11:01:35,751 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _840bff95cf7143e08bfa2480cfa5829a and Element was [saml2:Assertion: null]
2020-05-25 11:01:35,753 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:35,754 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:35,754 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:35,754 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d378d78214b1d0ce78c7c34c4029db4e"
2020-05-25 11:01:35,754 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d378d78214b1d0ce78c7c34c4029db4e and Element was [saml2p:Response: null]
2020-05-25 11:01:35,754 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d378d78214b1d0ce78c7c34c4029db4e"
2020-05-25 11:01:35,754 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d378d78214b1d0ce78c7c34c4029db4e and Element was [saml2p:Response: null]
2020-05-25 11:01:35,756 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:35,756 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:35,756 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:35,757 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjEyNDlmMWE5LTllNzctMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:35,757 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjEyNDlmMWE5LTllNzctMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjEyNDlmMWE5LTllNzctMTFlYS04MDA2LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:35,759 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_d378d78214b1d0ce78c7c34c4029db4e"
    InResponseTo="id-1249f1a9-9e77-11ea-8006-81d9d263515d"
    IssueInstant="2020-05-25T11:01:35.738Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_d378d78214b1d0ce78c7c34c4029db4e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>3542PmrUxsjl192Mw0KafJX580EhNfIws7I7iSWQl/zt+JsOEmqQ/kjkvL2A+ty0NYLI3W8RvQNwknJrlcdwIQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ZjMVg9E+6OvNyX6rTr2kW6eFMH/ilYVVWqtrUkOP8HiShKzbCu8cgMakh1sQ7hW6Qk0sp93X5hsX87vDu5c6aR9mg9KiZt6zU4hyJGPHUPtguaj0Syo4zQFtTkPQfymNqLw8WU2NvLz51B5rHOBptgUrtMHLT7X2UjrqManhCESMe6FIdlcXVQuhxO6UR/QL14wXdRVE0V3qOFGKTZhqZlhcD0BqvjgJtNOXgpYzQqj9aX78t0XhPLTLE52zqfpC0OakBoBQPzKCEhFy0XP3hcFg4Ds7dG8KNmg72aLt2APfb1jjwGTa2VuHTzb9mU+XFFa4w+QOR8T4SEuCReqoHQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_840bff95cf7143e08bfa2480cfa5829a"
        IssueInstant="2020-05-25T11:01:35.738Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_840bff95cf7143e08bfa2480cfa5829a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>wAwn+loztcvrZ2oqtgwCGQ57o+uc1L/M8dVODKmypPUhXFVpRi9LfrZ5rhvaOsJpK4ZnjifPA8rp2QabBnEFMQ==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>eHspRhIT8SYKOPmny3cAgM+Hqsu//Wpjo0+zkWN2J+tucvqMA7UQ3hZ0E3BhDqGgX7kaAGF0tBfT5u4zGyfoctIemyvDBm9gs+K8Hx4/MZVChJWFwRDNL8qfPr+iM2EyhQ/nsGu9+KA92Tza3WgvJlCEDrO38Mqp+AicH744R/9eLT7UQdhGPpFNqAmtAFkAh2H6lmGpter2cg+VctAACzL1ygiO/Vh+ILijE2oZdH1orLspoHL8iX4AOOPDRFXHf4COXOZCyya3tHHMDWTjwnrRp+4gDO4yIjiMCbm6INabQ1EEhHw3Zc0hg/XG4Df3ro1wnJ14LI5bA8phLCm3vw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-1249f1a9-9e77-11ea-8006-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:35.748Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:35.738Z" NotOnOrAfter="2020-05-25T11:06:35.738Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:32.746Z" SessionIndex="_32ae9c3ac9650fb1e575ece52025ff19">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:35,759 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:35,759 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110135Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-1249f1a9-9e77-11ea-8006-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_d378d78214b1d0ce78c7c34c4029db4e|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_840bff95cf7143e08bfa2480cfa5829a|
2020-05-25 11:01:36,112 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJDT01QQU5ZX0tFWSI6bnVsbCwiVFlQRSI6IldlYiIsIk5BTUUiOiJXZWIgLSBDaHJvbWUiLCJVX0RfSV9EIjoiQzk5M0I2QTE0REZCMTNDQkY1RkRCMDM4NkVGQUNBNUEiLCJTU09fVE9LRU4iOiJjcWo2eGF3OTlidjFjbWx5IiwiQVBQX1BBQ0tBR0VfTkFNRSI6IiIsIlNBTUxfRE9NQUlOIjoic2FtbHRlc3QuaWQiLCJVU0VSTkFNRSI6InJzYW5jaGV6QHNhbWx0ZXN0LmlkOnNzb3NhbWw6IiwiQUNUSVZBVElPTl9DT0RFIjpudWxsLCJJU19BQ1RJVkFURURfQUNDT1VOVCI6bnVsbCwiSVNfTE9HSU5fQUNDT1VOVCI6dHJ1ZSwiSVNfQUNUSVZBVEVEX0RFVklDRSI6bnVsbCwiVkVSU0lPTiI6IjEuMS4wLjEwNiIsIkVYVFJBX1JFTEFZX1NUQVRFIjpudWxsLCJJU19HRVRfTE9DQVRJT04iOnRydWV9==
2020-05-25 11:01:36,112 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:36,113 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:36,113 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="http://localhost/api/v3/sso/saml/consume"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="cqj6xaw99bv1cmly" IsPassive="false"
    IssueInstant="2020-05-25T11:01:36.305Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://localhost/api/v3/sso/saml/sp</saml2:Issuer>
    <saml2p:NameIDPolicy AllowCreate="true"
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"/>
    <saml2p:RequestedAuthnContext Comparison="exact" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml2p:RequestedAuthnContext>
</samlp:AuthnRequest>

2020-05-25 11:01:36,114 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'http://localhost/api/v3/sso/saml/sp' from origin source
2020-05-25 11:01:36,114 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:36,114 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:36,114 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:36,114 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:36,114 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:36,115 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2020-05-25 11:01:36,115 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2020-05-25 11:01:36,115 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer http://localhost/api/v3/sso/saml/sp
2020-05-25 11:01:36,115 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'cqj6xaw99bv1cmly', issue instant '2020-05-25T11:01:36.305Z', entityID 'http://localhost/api/v3/sso/saml/sp'
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'http://localhost/api/v3/sso/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:36,116 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:36,117 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location http://localhost/api/v3/sso/saml/consume using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:36,117 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:36,117 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,118 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2020-05-25 11:01:36,118 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:36,118 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:36,118 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:36,118 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:36,118 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: http://localhost/api/v3/sso/saml/sp
2020-05-25 11:01:36,118 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2020-05-25 11:01:36,118 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:36,118 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2020-05-25 11:01:36,118 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2020-05-25 11:01:36,119 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:36,120 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:36.120Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:36,120 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedPrincipalContext created with operator exact and 1 custom principal(s)
2020-05-25 11:01:36,120 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:36,120 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,120 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70 to 2020-05-25T12:01:36.120Z
2020-05-25 11:01:36,121 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,121 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Leaving existing RequestedPrincipalContext in place
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Specific principals requested with 'exact' operator: [AuthnContextClassRefPrincipal{authnContextClassRef=urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport}]
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Checking for an inactive flow or active result compatible with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Checking result for compatibility with operator 'exact' and principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.principal.PrincipalEvalPredicateFactoryRegistry:?] - Registry located predicate factory of type 'net.shibboleth.idp.authn.principal.impl.ExactPrincipalEvalPredicateFactory' for principal type 'class net.shibboleth.idp.saml.authn.principal.AuthnContextClassRefPrincipal' and operator 'exact'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport' in authentication result satisfies request for principal 'urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport'
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,122 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName]
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:36,127 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@39fd0187'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:http://localhost/api/v3/sso/saml/sp'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6343a59d' with context 'intercept/attribute-release' and key 'rick:http://localhost/api/v3/sso/saml/sp'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:http://localhost/api/v3/sso/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1614317767432' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:36,128 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2020-05-25 11:01:36,129 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:36,129 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:36,129 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@39fd0187'
2020-05-25 11:01:36,129 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,129 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:36,130 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:36,133 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:36,134 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _12d9b08a93467e72aaeb540f9ae736e7
2020-05-25 11:01:36,134 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _12d9b08a93467e72aaeb540f9ae736e7 to Response _abae6e093d2999616c2d7235ce5b0e18
2020-05-25 11:01:36,134 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _12d9b08a93467e72aaeb540f9ae736e7
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2020-05-25 11:01:36,135 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:36,137 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID rsanchez@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to cqj6xaw99bv1cmly
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to http://localhost/api/v3/sso/saml/consume
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:36,137 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _12d9b08a93467e72aaeb540f9ae736e7
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _12d9b08a93467e72aaeb540f9ae736e7 did not already contain Conditions, one was added
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:36.129Z, to Assertion _12d9b08a93467e72aaeb540f9ae736e7
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _12d9b08a93467e72aaeb540f9ae736e7 already contained Conditions, nothing was done
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _12d9b08a93467e72aaeb540f9ae736e7 already contained Conditions, nothing was done
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding http://localhost/api/v3/sso/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:36,138 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _12d9b08a93467e72aaeb540f9ae736e7
2020-05-25 11:01:36,140 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party http://localhost/api/v3/sso/saml/sp to existing session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,140 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service http://localhost/api/v3/sso/saml/sp in session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,140 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,140 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service http://localhost/api/v3/sso/saml/sp in session 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70
2020-05-25 11:01:36,140 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,144 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 6fd15dda914971654b17ca84d8392324012db8d1f6b2374e4c5f189286a92b70: replaced old SPSession for service http://localhost/api/v3/sso/saml/sp
2020-05-25 11:01:36,144 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID http://localhost/api/v3/sso/saml/sp and key rsanchez@samltest.id
2020-05-25 11:01:36,144 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID http://localhost/api/v3/sso/saml/sp and key rsanchez@samltest.id
2020-05-25 11:01:36,144 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party http://localhost/api/v3/sso/saml/sp was replaced
2020-05-25 11:01:36,144 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:36,145 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:36,145 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2020-05-25 11:01:36,146 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_abae6e093d2999616c2d7235ce5b0e18"
    InResponseTo="cqj6xaw99bv1cmly"
    IssueInstant="2020-05-25T11:01:36.129Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_12d9b08a93467e72aaeb540f9ae736e7"
        IssueInstant="2020-05-25T11:01:36.129Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="http://localhost/api/v3/sso/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">rsanchez@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="cqj6xaw99bv1cmly"
                    NotOnOrAfter="2020-05-25T11:06:36.137Z" Recipient="http://localhost/api/v3/sso/saml/consume"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:36.129Z" NotOnOrAfter="2020-05-25T11:06:36.129Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>http://localhost/api/v3/sso/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T10:58:24.173Z" SessionIndex="_408948b82407c6436bf9681cf0cec807">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:36,150 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: http://localhost/api/v3/sso/saml/consume
2020-05-25 11:01:36,150 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: http://localhost/api/v3/sso/saml/consume
2020-05-25 11:01:36,150 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_abae6e093d2999616c2d7235ce5b0e18"
2020-05-25 11:01:36,150 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _abae6e093d2999616c2d7235ce5b0e18 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,150 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_abae6e093d2999616c2d7235ce5b0e18"
2020-05-25 11:01:36,150 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _abae6e093d2999616c2d7235ce5b0e18 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,153 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:36,153 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'http://localhost/api/v3/sso/saml/consume' with encoded value 'http&#x3a;&#x2f;&#x2f;localhost&#x2f;api&#x2f;v3&#x2f;sso&#x2f;saml&#x2f;consume'
2020-05-25 11:01:36,153 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:36,154 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:93] - Relay state exceeds 80 bytes: eyJDT01QQU5ZX0tFWSI6bnVsbCwiVFlQRSI6IldlYiIsIk5BTUUiOiJXZWIgLSBDaHJvbWUiLCJVX0RfSV9EIjoiQzk5M0I2QTE0REZCMTNDQkY1RkRCMDM4NkVGQUNBNUEiLCJTU09fVE9LRU4iOiJjcWo2eGF3OTlidjFjbWx5IiwiQVBQX1BBQ0tBR0VfTkFNRSI6IiIsIlNBTUxfRE9NQUlOIjoic2FtbHRlc3QuaWQiLCJVU0VSTkFNRSI6InJzYW5jaGV6QHNhbWx0ZXN0LmlkOnNzb3NhbWw6IiwiQUNUSVZBVElPTl9DT0RFIjpudWxsLCJJU19BQ1RJVkFURURfQUNDT1VOVCI6bnVsbCwiSVNfTE9HSU5fQUNDT1VOVCI6dHJ1ZSwiSVNfQUNUSVZBVEVEX0RFVklDRSI6bnVsbCwiVkVSU0lPTiI6IjEuMS4wLjEwNiIsIkVYVFJBX1JFTEFZX1NUQVRFIjpudWxsLCJJU19HRVRfTE9DQVRJT04iOnRydWV9==
2020-05-25 11:01:36,155 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJDT01QQU5ZX0tFWSI6bnVsbCwiVFlQRSI6IldlYiIsIk5BTUUiOiJXZWIgLSBDaHJvbWUiLCJVX0RfSV9EIjoiQzk5M0I2QTE0REZCMTNDQkY1RkRCMDM4NkVGQUNBNUEiLCJTU09fVE9LRU4iOiJjcWo2eGF3OTlidjFjbWx5IiwiQVBQX1BBQ0tBR0VfTkFNRSI6IiIsIlNBTUxfRE9NQUlOIjoic2FtbHRlc3QuaWQiLCJVU0VSTkFNRSI6InJzYW5jaGV6QHNhbWx0ZXN0LmlkOnNzb3NhbWw6IiwiQUNUSVZBVElPTl9DT0RFIjpudWxsLCJJU19BQ1RJVkFURURfQUNDT1VOVCI6bnVsbCwiSVNfTE9HSU5fQUNDT1VOVCI6dHJ1ZSwiSVNfQUNUSVZBVEVEX0RFVklDRSI6bnVsbCwiVkVSU0lPTiI6IjEuMS4wLjEwNiIsIkVYVFJBX1JFTEFZX1NUQVRFIjpudWxsLCJJU19HRVRfTE9DQVRJT04iOnRydWV9==', encoded as 'eyJDT01QQU5ZX0tFWSI6bnVsbCwiVFlQRSI6IldlYiIsIk5BTUUiOiJXZWIgLSBDaHJvbWUiLCJVX0RfSV9EIjoiQzk5M0I2QTE0REZCMTNDQkY1RkRCMDM4NkVGQUNBNUEiLCJTU09fVE9LRU4iOiJjcWo2eGF3OTlidjFjbWx5IiwiQVBQX1BBQ0tBR0VfTkFNRSI6IiIsIlNBTUxfRE9NQUlOIjoic2FtbHRlc3QuaWQiLCJVU0VSTkFNRSI6InJzYW5jaGV6QHNhbWx0ZXN0LmlkOnNzb3NhbWw6IiwiQUNUSVZBVElPTl9DT0RFIjpudWxsLCJJU19BQ1RJVkFURURfQUNDT1VOVCI6bnVsbCwiSVNfTE9HSU5fQUNDT1VOVCI6dHJ1ZSwiSVNfQUNUSVZBVEVEX0RFVklDRSI6bnVsbCwiVkVSU0lPTiI6IjEuMS4wLjEwNiIsIkVYVFJBX1JFTEFZX1NUQVRFIjpudWxsLCJJU19HRVRfTE9DQVRJT04iOnRydWV9&#x3d;&#x3d;'
2020-05-25 11:01:36,156 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="http://localhost/api/v3/sso/saml/consume"
    ID="_abae6e093d2999616c2d7235ce5b0e18"
    InResponseTo="cqj6xaw99bv1cmly"
    IssueInstant="2020-05-25T11:01:36.129Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_abae6e093d2999616c2d7235ce5b0e18">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>1LXQ/0bM4YCjijGqYkVxWfg/EKaniRkoY1ac05BAKGU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>jIA3czaG7614PS8EuttjbYsamgi1J1dnlbAUVsh7IOC7PI/g9o7FnUjJhtR4UjnTv3X1ONgwBAuXgDP/6m2eGVL7IjOIgefA6u2CqpYvVv/BeiaXZFUxSsBa7saddFITq+aUcMfqu7fpNtGTKV2a9NPzRkcAD29KeZvu4fB4C60qxzBdsxy/C2W5r1a2YXrsmX6M9suDAWtufzksbSdxw3EAevsnc2Te4gE05HMH8ZaeJ2hrT/0jsURU8J+1k+sgzT2xm4bCVPHwHkV5GR3Kl4j0y0hea8G1y019RuRYkhsc7Vragk6UZBLstmHvhbzW8QLl09StYlJnPkBdB+oacA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_fbf71f2fad6ea383ed5aa42c4ef564b7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_f9c39c49b66661ddcae70d2c8fb50549"
                    Recipient="http://localhost/api/v3/sso/saml/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIDazCCAlOgAwIBAgIEPky7aTANBgkqhkiG9w0BAQsFADBmMQswCQYDVQQGEwJWTjEMMAoGA1UE
CBMDSENNMQwwCgYDVQQHEwNIQ00xEjAQBgNVBAoTCVNhZmV0cnVzdDESMBAGA1UECxMJU2FmZXRy
dXN0MRMwEQYDVQQDEwpQaHUgTmd1eWVuMB4XDTIwMDIyODAyMjk1NloXDTQwMDIyMzAyMjk1Nlow
ZjELMAkGA1UEBhMCVk4xDDAKBgNVBAgTA0hDTTEMMAoGA1UEBxMDSENNMRIwEAYDVQQKEwlTYWZl
dHJ1c3QxEjAQBgNVBAsTCVNhZmV0cnVzdDETMBEGA1UEAxMKUGh1IE5ndXllbjCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANXJGJ++weqboH1ZPq2xlMrJ0gaCJS67lTF1+VpYBsnfhhnN
Tmht6mcMUak7qeatZf8kU6872s091L9ABbr5Y04WwRYf9XqNZ6u4+mHXH3uKU55CXrMV75h0iaWe
h73eJuzSRoWAspNr2HQSHlHgqN5aywYW1CCbVJkeHNJppkQ1bRqm3dd6DbEBCHNl96ZkHzjPgCe4
QgzUQmvff/LzvF6ddf06IxSigx+J/NgR2xo9NFjQfLLHtTI8opwijqv5DkB5RDfo3aumQbTRn7rK
fXY/6uUT+OVCGyibdulq60p9XtygLnJt79M72yojo7kIKArWyyVlK8RkQKtwH8rLw68CAwEAAaMh
MB8wHQYDVR0OBBYEFNq2XtcwQCpyar+avQIY0rtLGsmTMA0GCSqGSIb3DQEBCwUAA4IBAQCWdZB0
y7L7P5z/gnRVzlPRpxS6BBrcH0xRotZYlZoIw2Q5myutuiJZlACUbVp+CRxhYHpdJau1kZYKCrKJ
aWvbb1QpbHn3wmFBjJbjAxOjFW/l9WKpObnc+v32QCbZJCfNHb+WY6qNFAxtZqG0OPHw1U0lsFEj
7xFSBaEJawUz/RreL+I9mvDHyvAOWuKJElnnigYw6efQMe9Qg8GfF2GIjewQldDjVCHgFt2lognd
GiBNOo6AFNqU3K5p5FN42fKbatuaVwnU1X+pbtVtt5I/4zfEYYhYgyfBI8kpRb0Ela8hjE+cKQbD
+kQrP0Jz24V1gr+ZC+eyJBOPp8dBUdfD</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>NhrDnrPpFELBpKEgWNKeP9iH4rHOVvpoGE4eCDedhvod/HvZoX0aN8oBidyUoOgUgD5LGd+vYsBzQXXKaQvsHiYkzrtvXeowGODekLpGclU3xYYReiLgzWPLiPSkfbFP+denPSoJp6+TktaG/v3mqo2hly2sJKC06p2DJGNOpU0xDMYtHZ8GqLVw3PMHKMKF0Uglppal+8EpYlhFjGAo4d9B+1xwiN7DFDTQXJk9SOabKKUQawqGgS0Iii4imE+gxYtNoqONfLUTYFupwl+gQrj/seJl2K476muADDJIs382IwLZdcULAPk7mZBeCzfGpC56Hm0TxVIWDnc3KhhgpQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ySPzT42k26KRiIF00WTijLGpt8wlsqh5oepmwI6xxVqxKLGN1fOmJtWKFCMIjYJTAmVFh8oRM74Jdp22poLxdLyWOtcOO83NNqtymQQ+JFmXllNhfStpzsx8vMYUWfqhu9pkw0GMWaQXw3AQwGT6+TjLUnBVJhk04JyWUD+EUEjxC+HBiCTqk9bnIyRGcDAFveyv/bf42KZpEqf6RbD8MURnppMiEvOQi19OHqhMtHxuoX2i2FD+yEsrmNt7DyJsAobmTbZjrneTEsVsWI01mCVbc9h37+C31KcqtX3vuXQkouu6XqVQlQdbgkBhJYYc5SjArGaWmy8FrDMk1aXbz8j9PK7VpCWMSSHCFL4526AIsTZH6W7tn5iRzVrVfTlB8DX7C8wWYkgN8X0J2Ott1nWT8yFrYWNWa+KhNCWrXQvimdlsCriw1T8D4aZHEZv7eQQf+I5Mwq4auIax+q83XTkbTZMa6uhuz5xGQQ00jEnd1a3MdleS/rYUCrYKV+X0aNIWnZ0buuMFdc+ptYTCVEZhK47QUn7qN3/gRflY4UP4cHYfj0bs9rsFSbWu0XB1Le2hvJnukFfXBWZsAC0doflHHgdp82KXdHsbyvnEsO7lIgKxi/jHtI+xy2NijLq+K5DwmtAla20I9OshXfwavcdt6gkiT2Y1tEtmNEIdeK36b4vkKTGuYV+OHsOmcAiCWhTn/TiCAoo8fK05jVWEV5DSRwsa5me16K3u7Ag2spl/rISG88zow7moT39+wtoFgE3pZFs7d6Ke4WW6WMYAnTL6oER5lHPBgxllOryDPoeAQUzmrFLPC/eq/SGq7mak3YQ5WfmYMelNHsZR6NfGgzjCSKrTsQ9/fvDHla6tkXwnjZdi3dH4D7+/KBkE/xqKcpflJO2ygmd1e1r1k7unZ8ylmgkIrQgo9xs7gcEw/AqsYTOoKWtkgLjj7g4ua+pKi9+EaCmTCmA2kC95zakX30WMO3B4NYvAKeImUgH7rRKpSmDgXgiAEt8OjdRcMISHtMScjSu01+k0SW2QAGgtPBEIWHbSjpbyxFTeoSMCk7T7QPX4zksPpgHqWoUPekCwMPAdj4VVSoFwECBQ8eo9u4+33BDjFC0+VGlSAcyjRNNcZOLj9ORYJjnbw9tkRZoZK7OKA4Z7ZyNSSQ1YRdfAeqZJmowEQjC0AiAHzEIPndoX17prVSMO2fEjyNpMUPQDALVL0Hix98W3ne5FSV5T4mQ5Ktsh/eP0uS8PJKBczBD6ZOcb8zKh0m2OZrki/c5BngNODiP7yzzHNnutR3cExV7DPZ30+oFWUQSRSP35RqFYsLiqmRNLEiaiA6EaF+Guog/u7PeX0tyn7elELUpSvMANZFddyim/2iAjusNXlm4H0pFgju9SNO6DWXyGeEl6Pgo1IMuqMgyKyRFY6betgQnUUT4SsE1cfSQ+Sd+TvYWmoAugjklB9cqnoGAN02W0dbTwURgnPNPHJP+ULBK4PS+cZDi6k21eNF1APjuRFHn/V7ZQ84SyDIrFRDjOocPEjCXGokKO0HbHi38oNr4Qq1Uxvt03mDK3vj4tfoZUVsjnvQalcmcZJp/xrn1VzQdPyDBMt1sAeCERAnb4u0+1uUlzwtRtRn+tZm9/MebTrNiixdcptk7FIYnepnxoxnYHYedXMHkH/PHU1sSaA1+oKbewN9HgMy1HosnuSnwu8lDwCFOECL/y754omiNiDGgjtzkVUbm4Ah8z8ZZC6x4FNgzOsVjt5tAmCRI7/iLtOxBbMCnRDl5asLxoRGf458Z5+IfKJTzPGKLyQswrrhD/G99BmeACwn0Hhkq/58KKcFlQwSdUY51RLTUZ3ZISRxuWrV3aO7CL54f8NdbepclDWduXOAQWGvvQF/Sk+HH6EISj2Q3Wu+WpSLyD9i+pbRSWzpW6xkLLEJYizJmxwTPxb/EG5W5ZxUQ8OXSaXZIITi0EAmVA3/rgjrUAz4F6qqvU3HQ4cX1jxAyPrxeTlYzBF1F6MhkC5eppDd7AICCuL1wE2viJTnE9/kaFSYchsCmk79MhW+bObF4XTd+SWHGO07R63AadZC00FuhIjPZj/FaUtxBi2hQHvgJQkYzQhsk9ug8XuFiWN44Rob/KzzRlUsaMKSS1k563ChLhl9eQGu4DQTLquknlp/j8BFK3e33wLZZRumrqi7Ulhzl/qO7WtC+NkBdKSPun8fPTDzqTfg3rHPEcxHdr15U7tQT2rVbyNVa6xv/JCsu+1SG99YakDGQv6UUoqDeInihDBtPZsiQwxMuiLYxbYAcehrhKefSOqNdBih8E3WfMhkt9T37JdnU7pytM/UoYCgm3G683/hKvF0DJKa9KHpzDwbzYEzWvBTnsKQFPfTJV3cCR04bF8sV9pISA0s3qLlUYIlnX2eGxKy4sA10g1X0iZw2oBNEj5uMbQbYjCTr6mioTJmC47eWrqps+EyO9tfStYyRW5R7Qlmo5MRJ8+NzcTXezDqtmsCRVO/dtTC/YsSe/gqGang96/92Iqvzm7+HNRZdtimVzK7meVcL6GkmrC+tIEKR+ICikDx0kWg95D3pnevek2Th6HNwmC22IWTr2ewApsb8PaZfWxTjJoeiRJ+Cow7cqp+pjyinj5wVYU5DH0zONlC5GQ0FhQJl1Hqn71jy/DEhIKqqSjc9kJJtJOF999034Xn6C8wpoIU3pMxP19vi+qnTMLztKHETJPgenHlpi3PZCtYM2Wglym1ifLKVo53btNhKK5OVOPoCeFYfrkdJOHJCp3VHvIWo0xoBWd5J6N0aSTfh5280kKyC6/8uns1Vht4I2TgDpkQODFQEsEvTHRwVkHMNqNcH7hoeywDyNHAl2WX1Eop3mzjuzqnHnsDb653+kXOl2+DD3XysVyovRZ4Gk5moCnHE4oN+vOua+JApeNx93UGpQo9pdmGmOu5pdnAItZnpN6D/WPFugaMS91xrefiogrYjXX8tvZzXm7ZmZl2AA/iUOQiFjaUvUSNLAe2r8tXNAV7VovKo2F7/+JL7A/IRRntcwunzARD/6ncWeexx3OrJ/BXmhbVeThdlKj5Jva2h9KWKGXIGs8tKuM2MsWBhHCdszZQQXF7y7mmaTddpHXEAE8O3b2CAl0LLjntgnExHXUNUXVxk3PQUY20Hm9ZfL9XsMmivfxZWjrVOFXpb+anH8BSVRY7o66cg++S9zJklECUuB45T7FMz7LqCFPPCW5qCNZLf0dkGBsNFXUFvkcidi8UYZeyxkDCnU49K4I+c5/w/42RJ/3r9gA8tZLxGIqMPpjXrg8Corxw53dBEC7HKQ5Dk2FMZ/Y7UU4Ax2gAN2VOqYVP3gE4Lq3kxGL9j6mPKidP+vhZHZbGSRbv0YpKupbQqsv8a24qZbuJzMXshh/ubIQ7GOBOYYGqW5KopBrg7HmyKNapuEwlHWETcCHid+/UKKiOb5SyuBYtwNUQZGGLr9hrGZS/Z6WtkicDXg8BvjTEUIfCoCHaHS9NArZbN1YRyUwwM7G8i4MrhrsIvoAoba7g3CIRs4BV8HwOGFXypfQn/IcqQIixzul0VI9XJa8uhmjAFl0kaXdimGtmsnIhJch4z3o4TaEc02q96RpBapAQd3bm53M7Vpg/3fSQMUE4a53mxv5efPSydqHPfxFrDNSe+BoNo1kzIq8Do5BdXKxYTeLbpRQE5noRyuU0vHZbbG8xjlFfoF5/oGCcEISs/7qsk0/OLvZrsgePjWYPWCZHULt0QlfFMZ6ES0JLA+QX57Up5Z5YryfdN7PLs5E7NU/ngXA3bddq9ZCCusryrwvCDfy3PDK9fREAeE/S9ijl6bwIX5NMsYmD/eCECTHP8SnZFGZ7x35Acvhj+yPlmrc75GB62FfLptwbhf9Go/JCy1kd5F9c94mzZ2Y1lsq6Fo+NHIlAxgojqnSbqT79mbv/N1fbeAB2aLFPTltRxfbw6atEGttfCSaAEPnRYrKdhwt993OI8imRcB84RLvJo7iqTo6Hta5LdMKHx/ZVQ8baC4MACu0RbxGBO4p/l4tpOaLe9soEbt6RCSr4imIAmC00lyvaCdLvhN9u1eGTKa5kJRdkLRZ1+4+9R8xON5olNuJoxX5fotjRGMeRmNPV7+esvKlBxwc90+gVhsaH2UGA9cZeCayXk225ZAJSVO40jLauyxvWzJJBNPe/AavnbIDI86esTql/kPeMssM31iFMAYWWRDNxpTN/O9uF6r19SFn6YoZKRYGg7mHI9PoARR3tGeC06hlfJPJd5NEMHZpzJOTYKLCfQaNtigwtV6V7+w07RY7omIF9qknIOr9cNIyh+dj33CM0lGpmBJPD5VbuyPkfE8qFjfZoe50ZhhAJRfsyKezJ2PUcRkYUf6Win6tPqz2/uTPTEsdAInENv60av3KOUE2pxU1ZdfoWcl8wlcIIaR5bKBA2NRUvVi+e7ulLKYXjpyxBeWS/knvZIh23jfiUZJj+6dNuQSBx9EnGXLVMiosZMBbkC0jXMPynISfSYH0Cbanj1I+gftsSxViKpmzRQHnrE90SU8xWTNr9zBDygNYHwAoAbOhLj6lWsOFYeZ4YYS+OE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2020-05-25 11:01:36,156 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:36,156 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110136Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|cqj6xaw99bv1cmly|http://localhost/api/v3/sso/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_abae6e093d2999616c2d7235ce5b0e18|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|rsanchez@samltest.id|_12d9b08a93467e72aaeb540f9ae736e7|
2020-05-25 11:01:36,158 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjE5ZGMzZGMyLTllNzctMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,158 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:36,158 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:36,158 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-19dc3dc2-9e77-11ea-8007-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.038Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:36,160 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://127.0.0.1:8193/saml/sp' from origin source
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:36,160 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:36,160 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,161 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:36,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:36,161 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-19dc3dc2-9e77-11ea-8007-81d9d263515d', issue instant '2020-05-25T11:01:36.038Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:36,162 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:36,163 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:36,163 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:36,163 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,163 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:36,163 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:36,165 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:36,165 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,165 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:36,165 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:36,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:36,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:36.167Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:36,167 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:36,167 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:36,168 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,168 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 to 2020-05-25T12:01:36.168Z
2020-05-25 11:01:36,168 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,168 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,170 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:36,172 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4f559dcd'
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,173 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6b2f2941' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621940495738' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4f559dcd'
2020-05-25 11:01:36,174 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,175 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:36,176 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:36,179 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:36,179 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _342f4a8861210f9996c27fef480e42ff
2020-05-25 11:01:36,179 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _342f4a8861210f9996c27fef480e42ff to Response _05f3df376e9dab68c9a5db55275d591b
2020-05-25 11:01:36,179 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _342f4a8861210f9996c27fef480e42ff
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:36,180 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:36,182 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-19dc3dc2-9e77-11ea-8007-81d9d263515d
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:36,182 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _342f4a8861210f9996c27fef480e42ff
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _342f4a8861210f9996c27fef480e42ff did not already contain Conditions, one was added
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:36.175Z, to Assertion _342f4a8861210f9996c27fef480e42ff
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _342f4a8861210f9996c27fef480e42ff already contained Conditions, nothing was done
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _342f4a8861210f9996c27fef480e42ff already contained Conditions, nothing was done
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:36,183 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _342f4a8861210f9996c27fef480e42ff
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,185 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:36,187 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:36,188 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:36,188 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_342f4a8861210f9996c27fef480e42ff"
2020-05-25 11:01:36,188 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _342f4a8861210f9996c27fef480e42ff and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,188 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_342f4a8861210f9996c27fef480e42ff"
2020-05-25 11:01:36,188 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _342f4a8861210f9996c27fef480e42ff and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,192 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:36,194 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,194 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05f3df376e9dab68c9a5db55275d591b"
2020-05-25 11:01:36,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05f3df376e9dab68c9a5db55275d591b and Element was [saml2p:Response: null]
2020-05-25 11:01:36,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_05f3df376e9dab68c9a5db55275d591b"
2020-05-25 11:01:36,195 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _05f3df376e9dab68c9a5db55275d591b and Element was [saml2p:Response: null]
2020-05-25 11:01:36,198 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:36,198 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:36,198 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:36,198 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:93] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjE5ZGMzZGMyLTllNzctMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,199 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjE5ZGMzZGMyLTllNzctMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjE5ZGMzZGMyLTllNzctMTFlYS04MDA3LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:36,201 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_05f3df376e9dab68c9a5db55275d591b"
    InResponseTo="id-19dc3dc2-9e77-11ea-8007-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.175Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_05f3df376e9dab68c9a5db55275d591b">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>XqeZAEIo+6fd0GQKq27HR9Ni6GLa7puMLMUrfRWTmyIAdS5uKZSf2fjgEO+bz9OQ+vXsPv4QD+PUvyA53LsQKA==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>TFAm2zbVRH+ZLQ4hulR1X0LPns3SH5j0e4l1OcBbTe+ugnEv02UZgIwoq+6/RN164hpkfrKW24n8HYA/HGcbkL/9elXXVlNPLEoz/PKFbgcrovtBGsipuDEtU+GKyJjL2W1ub9uUZt6Z/4Hq80LTrzKIncgMG4CY8bxDDWOtKYXY3PQCeNtoirf7tIlEx/kSMLllZd+hQHTlCxRZsitzuP2H/h8Sisde9tHTqjPAt+jQ8t7sbmBYI7rR0SyYTrvx4j1HkxN0Rjq2wv17eIEQC408HUBEsIp7EwGCHSdWX3g/wHcnW8quCd/usSYtx0mU4cTIwfT8PLRcty3EJcq24A==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_342f4a8861210f9996c27fef480e42ff"
        IssueInstant="2020-05-25T11:01:36.175Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_342f4a8861210f9996c27fef480e42ff">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>bq9h6ClnXskuoRYw4RNb1dh5lX2kf6lC19YyvhyN0hf1d7QBSDR6QKDN0R2L8h2zy9DHBH6I+cqSOjLWvJuIoA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>grr/s60QPvsgrNXqc985JxFVj1rP/mJyoLvEp6DIbYCRWr5m6P7a4mhbRANdB/JYPh8Osn8mHKASLudwdzPAwbMrp09auWPMRpIWwtmnYE44EXJnL8kppnKgXvZwpQJPNi2noVMEumRr1lz3hL0m7mn2IFm+Ed8nkLubEzZgusvRuU+upuvvm9m4RHUYQhvIokqQOzBpzP73o5dZxdh8lwkYUqu5ZJbuDyWXVhGGmX2pEH3GLAhGpz2gbX4o2ziOKHNF5cmJrqmonF6kjd7bLQvEreMot8PrEPmdYO6iXLbu9112EtfHHo22MyH8u7YNuV984wF76WaaAWHm4IE3dg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-19dc3dc2-9e77-11ea-8007-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:36.182Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:36.175Z" NotOnOrAfter="2020-05-25T11:06:36.175Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:32.746Z" SessionIndex="_20f838a348f5bfc9b5a715829641f94b">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:36,201 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:36,201 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110136Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-19dc3dc2-9e77-11ea-8007-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_05f3df376e9dab68c9a5db55275d591b|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_342f4a8861210f9996c27fef480e42ff|
2020-05-25 11:01:36,532 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhMTdjYTg1LTllNzctMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,532 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:36,532 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:36,533 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-1a17ca85-9e77-11ea-8008-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.428Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:36,533 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:36,533 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,534 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1a17ca85-9e77-11ea-8008-81d9d263515d', issue instant '2020-05-25T11:01:36.428Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,534 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:36,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:36,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:36,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:36,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:36,535 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:36,535 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,537 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:36,537 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:36,538 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:36,538 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:36,538 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:36,538 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:36,538 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:36,538 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,538 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:36,538 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:36,539 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:36,539 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,539 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:36,539 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:36,540 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:36,541 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:36.541Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:36,542 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:36,543 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:36,543 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,543 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 to 2020-05-25T12:01:36.543Z
2020-05-25 11:01:36,543 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:36,544 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:36,547 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@47496ad9'
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,548 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6b2f2941' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,549 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621940495738' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:36,550 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,550 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,550 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,551 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:36,551 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:36,551 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@47496ad9'
2020-05-25 11:01:36,551 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,551 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:36,552 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:36,557 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:36,557 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9
2020-05-25 11:01:36,557 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9 to Response _4484e0b968da1d62d560f89e2c9d9625
2020-05-25 11:01:36,557 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:36,558 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:36,560 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-1a17ca85-9e77-11ea-8008-81d9d263515d
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9 did not already contain Conditions, one was added
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:36.551Z, to Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9
2020-05-25 11:01:36,560 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9 already contained Conditions, nothing was done
2020-05-25 11:01:36,561 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:36,561 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9 already contained Conditions, nothing was done
2020-05-25 11:01:36,561 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:36,561 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:36,561 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _1a4dd9c2c04daf1fb5e9c89225fc10f9
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,564 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:36,564 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:36,565 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:36,565 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1a4dd9c2c04daf1fb5e9c89225fc10f9"
2020-05-25 11:01:36,568 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1a4dd9c2c04daf1fb5e9c89225fc10f9 and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,568 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_1a4dd9c2c04daf1fb5e9c89225fc10f9"
2020-05-25 11:01:36,568 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _1a4dd9c2c04daf1fb5e9c89225fc10f9 and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,570 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:36,574 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,574 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,574 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4484e0b968da1d62d560f89e2c9d9625"
2020-05-25 11:01:36,574 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4484e0b968da1d62d560f89e2c9d9625 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,574 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4484e0b968da1d62d560f89e2c9d9625"
2020-05-25 11:01:36,574 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4484e0b968da1d62d560f89e2c9d9625 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,576 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:36,576 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:36,576 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:36,577 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhMTdjYTg1LTllNzctMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,579 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhMTdjYTg1LTllNzctMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhMTdjYTg1LTllNzctMTFlYS04MDA4LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:36,583 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_4484e0b968da1d62d560f89e2c9d9625"
    InResponseTo="id-1a17ca85-9e77-11ea-8008-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.551Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_4484e0b968da1d62d560f89e2c9d9625">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>H1aAMqMi10x2W7PEtRV/+D7lvLQjW5+18ZcZYO7Q9Yy+JoFFHagA+G+HbvQ2iOJqo8AsCWJk/2tN+8D5Xw7PzQ==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WpL0z2kRSFSwwtNjmZXj1qUD1a0nH3nj5yiJ/7OGTCFtgj6XAnmnU8pUKEV5xuMCTDLYtzPK+WxVK55aQehfPPaK0xZTLONOQUDY1JXQLDBckL2sueVW+C3aL64tBt06pDWyu4Uw05GrcyMQYybaISAs5H2CLDFjBP7YC9+XTplpVdRH30ba/pxVCdEVkKp9xz1Ngno9IGp2i155MecCwSoiAus9uD+FPVNHNkw55mc5L+Xvqx6LcRX8ndN0ONa75FRgBhHMvSZ12QGzdAOBpaB1YAgI25MxBOOPjhuUzrbB2XGFbAf89/jx3dy/AlyIbZYQbdKhGJABr3bkGmOflg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_1a4dd9c2c04daf1fb5e9c89225fc10f9"
        IssueInstant="2020-05-25T11:01:36.551Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_1a4dd9c2c04daf1fb5e9c89225fc10f9">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>Wd3eeXH4yLULcuYsYURr+ivGcCfYO6ye0X0fnn+ew/pYkURod2F7LjLqkpOY7VKhlPt61B5wNa4EOyZUmzMRlA==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>WT6x4M9/bJk6UW0eVlq7TLXbyyUjqtVRoi5ObqNgWuyaSKg5ZJReQBsfyP0HLJj7H852YyPc55d+aTXHQCzsPQ/8LdooomJaUnJtGtr2kcZlFMKzLUYJIy21izM4ehkhI32z8NKXwN9d9ccP8Gl3OLXgdk/KsTp1NcTnSkqJv5l7mhPvtZfz2MG8uZNFysK+e6+4+fYyMG5aeWwkswnibyu61doj10GvIP6ID21eisiAzdFtW5SJ1nVZtvR5OyEKg0RewEPV9MuqeDzDUvL+SpCEIo6T8tD/KBQmpXzBA8Sb+fDdXRfI31tpcszNu+8uuprufegHqrj2MJYM5t+Piw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-1a17ca85-9e77-11ea-8008-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:36.560Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:36.551Z" NotOnOrAfter="2020-05-25T11:06:36.551Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:32.746Z" SessionIndex="_38b9040eeef2bc3dbce1b52173b02fb1">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:36,583 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:36,584 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110136Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-1a17ca85-9e77-11ea-8008-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_4484e0b968da1d62d560f89e2c9d9625|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_1a4dd9c2c04daf1fb5e9c89225fc10f9|
2020-05-25 11:01:36,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhNGYyMDFjLTllNzctMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:36,893 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:36,893 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-1a4f201c-9e77-11ea-8009-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.791Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:36,894 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:36,894 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,895 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1a4f201c-9e77-11ea-8009-81d9d263515d', issue instant '2020-05-25T11:01:36.791Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:36,895 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:36,896 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:36,896 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:36,898 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:36,898 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,898 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:36,898 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:36,900 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:36,901 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:36.901Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 to 2020-05-25T12:01:36.902Z
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,902 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,903 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:36,905 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@734bbfc1'
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,908 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6b2f2941' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:36,909 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621940495738' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:36,909 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:36,909 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,909 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:36,910 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:36,910 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:36,910 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@734bbfc1'
2020-05-25 11:01:36,910 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:36,910 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:36,911 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:36,913 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:36,913 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _d652a0efafb66afe3502c0ac2a05e35b
2020-05-25 11:01:36,913 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _d652a0efafb66afe3502c0ac2a05e35b to Response _878940bff19c8e5cb29f901aa225ee50
2020-05-25 11:01:36,913 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _d652a0efafb66afe3502c0ac2a05e35b
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:36,916 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:36,918 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-1a4f201c-9e77-11ea-8009-81d9d263515d
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _d652a0efafb66afe3502c0ac2a05e35b
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _d652a0efafb66afe3502c0ac2a05e35b did not already contain Conditions, one was added
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:36.910Z, to Assertion _d652a0efafb66afe3502c0ac2a05e35b
2020-05-25 11:01:36,918 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _d652a0efafb66afe3502c0ac2a05e35b already contained Conditions, nothing was done
2020-05-25 11:01:36,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:36,919 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _d652a0efafb66afe3502c0ac2a05e35b already contained Conditions, nothing was done
2020-05-25 11:01:36,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:36,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:36,919 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _d652a0efafb66afe3502c0ac2a05e35b
2020-05-25 11:01:36,921 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,921 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,921 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:36,921 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:36,922 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:36,922 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,922 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:36,922 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:36,922 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:36,922 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:36,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d652a0efafb66afe3502c0ac2a05e35b"
2020-05-25 11:01:36,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d652a0efafb66afe3502c0ac2a05e35b and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_d652a0efafb66afe3502c0ac2a05e35b"
2020-05-25 11:01:36,923 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _d652a0efafb66afe3502c0ac2a05e35b and Element was [saml2:Assertion: null]
2020-05-25 11:01:36,924 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:36,929 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,929 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:36,929 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_878940bff19c8e5cb29f901aa225ee50"
2020-05-25 11:01:36,929 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _878940bff19c8e5cb29f901aa225ee50 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,929 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_878940bff19c8e5cb29f901aa225ee50"
2020-05-25 11:01:36,929 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _878940bff19c8e5cb29f901aa225ee50 and Element was [saml2p:Response: null]
2020-05-25 11:01:36,933 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:36,933 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:36,933 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:36,934 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhNGYyMDFjLTllNzctMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:36,934 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhNGYyMDFjLTllNzctMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhNGYyMDFjLTllNzctMTFlYS04MDA5LTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:36,935 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_878940bff19c8e5cb29f901aa225ee50"
    InResponseTo="id-1a4f201c-9e77-11ea-8009-81d9d263515d"
    IssueInstant="2020-05-25T11:01:36.910Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_878940bff19c8e5cb29f901aa225ee50">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>PVyBPlFZG7dW26/bZLkyKnAhnseTHtS896GzgzDHz6Pc+FR25e2gW3HdTBYVyXmFtbicwslfkAzdo4eS9ytBmg==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Aq0IyVMfOBznwd5yy7uMYl8zzRhzUtaiEfpM+vjaHAxyEY9UVs6Hn+pdsUsBelR/Df7H486fCgSzbGXr+uJhHaXFrtjVi50hboxYmr1ivOYEfUSkoXSBYDCt/SXZNaVkEHd7RfDQyI1puvFAVV7K+wJQhW87rieNdu96ngKOweZ4fk2+jJ1xO5FWtyGmR7BJekkBxTku/0YYjNYnb6m9ARKN+dgdWKDrev9ffRoLzVTRP1AO2dKnbXhIF2fgD4Y9CxTeQt66JS5wCh/liW4Qaj3sd8IX4csqVdAivpNP+bz/+tIPPOQdcgAf30obDWFVTshwseChmgVeBdgE8yY/Pg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_d652a0efafb66afe3502c0ac2a05e35b"
        IssueInstant="2020-05-25T11:01:36.910Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_d652a0efafb66afe3502c0ac2a05e35b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>8PytkdJEBLLKJ+x1PsKovUjHpMqWlXIDS/GZQHKZIJ9qN4YRuN8G+sVIPfsyIDg8ECa40g0+s01ZDdPiBRY/Qg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>hyn4RF3RO2s8e4rJMPMzxkEq2A3iH8MpW+3ekxmA/GTxncAZBj1FtKntEPqW0wbz1/bkOYLy9HKNuhTXZlDWP/evY+1YtgSCJT9Y3R3KKpU4aLNXILe2hnR6h5tc3ZdGBsmtfBkxCGPLlDuFtyAjSb0q5k8p9Dwb7hJYJ33GxBzO5bxLVBgAcnuqFW5C/bdRmCD8uT37bLQcM7sUdVfud5yKZJNxIAUEzeE/7LCdu5I7iZda+6gG4kcn8n0NJWLa3umQhpMHKSFnARi7RvRbhWfvurKsSkgXza8joeLyns7QRicphpkBCpg881b6oGCQ9+wc6DD95SWuCWeRQxDTFw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-1a4f201c-9e77-11ea-8009-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:36.918Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:36.910Z" NotOnOrAfter="2020-05-25T11:06:36.910Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:32.746Z" SessionIndex="_c30fbfbf7dd0db9b344ff765170a7b71">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:36,935 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:36,936 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110136Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-1a4f201c-9e77-11ea-8009-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_878940bff19c8e5cb29f901aa225ee50|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_d652a0efafb66afe3502c0ac2a05e35b|
2020-05-25 11:01:37,254 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhODYzYzNjLTllNzctMTFlYS04MDBhLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:37,254 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:37,254 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:37,254 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-1a863c3c-9e77-11ea-800a-81d9d263515d"
    IssueInstant="2020-05-25T11:01:37.152Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:37,255 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:37,255 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:37,256 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,256 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:37,256 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:37,256 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:37,256 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:37,256 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1a863c3c-9e77-11ea-800a-81d9d263515d', issue instant '2020-05-25T11:01:37.152Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:37,257 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:37,257 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,257 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:37,258 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:37,258 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:37,259 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:37,260 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:37.260Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:37,260 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:37,260 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:37,260 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,260 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 to 2020-05-25T12:01:37.260Z
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:37,261 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,262 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a486a7d'
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:37,263 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6b2f2941' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621940495738' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6a486a7d'
2020-05-25 11:01:37,264 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,265 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:37,265 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:37,266 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:37,266 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _fb7a4be58517a1a01d085952d851b0ad
2020-05-25 11:01:37,266 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _fb7a4be58517a1a01d085952d851b0ad to Response _52b30caf2a29fdfeaa940d24155870cf
2020-05-25 11:01:37,266 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _fb7a4be58517a1a01d085952d851b0ad
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute mail
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldor of attribute displayName
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Cooper of attribute surname
2020-05-25 11:01:37,267 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sheldon of attribute givenName
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Policy checking disabled for NameIDPolicy with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Checking for source attribute mail
2020-05-25 11:01:37,268 - DEBUG [net.shibboleth.idp.saml.nameid.impl.AttributeSourcedSAML2NameIDGenerator:?] - Generating NameID from String-valued attribute mail
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID scooper@samltest.id with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 172.31.28.90
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to id-1a863c3c-9e77-11ea-800a-81d9d263515d
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2020-05-25 11:01:37,268 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _fb7a4be58517a1a01d085952d851b0ad
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _fb7a4be58517a1a01d085952d851b0ad did not already contain Conditions, one was added
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2020-05-25T11:06:37.265Z, to Assertion _fb7a4be58517a1a01d085952d851b0ad
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _fb7a4be58517a1a01d085952d851b0ad already contained Conditions, nothing was done
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _fb7a4be58517a1a01d085952d851b0ad already contained Conditions, nothing was done
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://127.0.0.1:8193/saml/sp as an Audience of the AudienceRestriction
2020-05-25 11:01:37,269 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _fb7a4be58517a1a01d085952d851b0ad
2020-05-25 11:01:37,270 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://127.0.0.1:8193/saml/sp to existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,270 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,270 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:37,270 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://127.0.0.1:8193/saml/sp in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,270 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2020-05-25 11:01:37,271 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0: replaced old SPSession for service https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:37,271 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:37,271 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://127.0.0.1:8193/saml/sp and key scooper@samltest.id
2020-05-25 11:01:37,271 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://127.0.0.1:8193/saml/sp was replaced
2020-05-25 11:01:37,271 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2020-05-25 11:01:37,271 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2020-05-25 11:01:37,272 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fb7a4be58517a1a01d085952d851b0ad"
2020-05-25 11:01:37,272 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fb7a4be58517a1a01d085952d851b0ad and Element was [saml2:Assertion: null]
2020-05-25 11:01:37,272 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fb7a4be58517a1a01d085952d851b0ad"
2020-05-25 11:01:37,272 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fb7a4be58517a1a01d085952d851b0ad and Element was [saml2:Assertion: null]
2020-05-25 11:01:37,273 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAssertions: No encryption parameters, nothing to do
2020-05-25 11:01:37,274 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:37,274 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://127.0.0.1:8193/saml/acs
2020-05-25 11:01:37,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_52b30caf2a29fdfeaa940d24155870cf"
2020-05-25 11:01:37,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _52b30caf2a29fdfeaa940d24155870cf and Element was [saml2p:Response: null]
2020-05-25 11:01:37,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_52b30caf2a29fdfeaa940d24155870cf"
2020-05-25 11:01:37,275 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _52b30caf2a29fdfeaa940d24155870cf and Element was [saml2p:Response: null]
2020-05-25 11:01:37,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2020-05-25 11:01:37,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://127.0.0.1:8193/saml/acs' with encoded value 'https&#x3a;&#x2f;&#x2f;127.0.0.1&#x3a;8193&#x2f;saml&#x2f;acs'
2020-05-25 11:01:37,276 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2020-05-25 11:01:37,277 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhODYzYzNjLTllNzctMTFlYS04MDBhLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:37,277 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhODYzYzNjLTllNzctMTFlYS04MDBhLTgxZDlkMjYzNTE1ZCJ9', encoded as 'eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhODYzYzNjLTllNzctMTFlYS04MDBhLTgxZDlkMjYzNTE1ZCJ9'
2020-05-25 11:01:37,278 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response Destination="https://127.0.0.1:8193/saml/acs"
    ID="_52b30caf2a29fdfeaa940d24155870cf"
    InResponseTo="id-1a863c3c-9e77-11ea-800a-81d9d263515d"
    IssueInstant="2020-05-25T11:01:37.265Z" Version="2.0"
    xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
            <ds:Reference URI="#_52b30caf2a29fdfeaa940d24155870cf">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                    </ds:Transform>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                <ds:DigestValue>by1DgIZfIWorUoBsfAj8eymACmK6NjvdHG7AI4OI8wy87vwoaVPgtt95x53CMZXMFrTHi5JWXSKgVZfm6sdVNw==</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>BzGYkm0Rika8tK8Hba825xDgoglc4x8U20w30jQepONk8ICp8lroyI543kMrAlDLY1giUUx3cebm7/BtqedDBZeL3j9cTPQnQMcJO4r/xhxmD66MvzmQ19KY/c5nCoc+gML7Bl/2lyllstMw1LTErdSDQIEV7ea44zz7P1vx6mWYlaS6Sz4pmcaXJxEycD2bfh1C8hHOfKdz6/F9icuHT99gikArQrwkP+RGUk/giGa1dkXXjbRoNI0tO9I4tZzaYLnEfLSyLBfWbmJ9DrNsaFan6FBwuCmGArO9dkHy6+ON27NDj0J7hBmLYDItbaH7sUei1AsaoGElXsMEg1mUzA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_fb7a4be58517a1a01d085952d851b0ad"
        IssueInstant="2020-05-25T11:01:37.265Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/>
                <ds:Reference URI="#_fb7a4be58517a1a01d085952d851b0ad">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
                    <ds:DigestValue>LX/G+fDNq+ZY5hl78coOCjJN3c7QVpcsJ+SvCSosbSbTbJ6I2tCQh+SZbQNrxFzp0v9D+mrs3VF/z5/EhZpnvg==</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>L/ySODF1E8YXHlR1lK/pB5GoOsYXBIcVHMTJq6OH2ANMDOk7qwaSzRXwQo5yzWum4jVpI4wMoiBTFhC2eDj443cRqsPxAaHwuqdylLFHgoi+jR7GIBWVPYkz+w55Vs4qa+/Ydk6LGib+rT89YxKjkblVuZxdQ09o/qd057gbS24PTUWc24+5Ft1x/OTs7adPMJoz14YQqj5r3ivDUdXuHETTN0fgjfr2Ubrm9p7J/HuzE9hDgMlptnFFWjQG5rULzYMtAMB6r7saKFesd4cAPejqG/FVHOV3r6dIh4MckbMykSXw5oXvQBB1GqAXVP/HYJYkFvGPhHNkeyF67cv7Sg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://127.0.0.1:8193/saml/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">scooper@samltest.id</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="172.31.28.90"
                    InResponseTo="id-1a863c3c-9e77-11ea-800a-81d9d263515d"
                    NotOnOrAfter="2020-05-25T11:06:37.268Z" Recipient="https://127.0.0.1:8193/saml/acs"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2020-05-25T11:01:37.265Z" NotOnOrAfter="2020-05-25T11:06:37.265Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://127.0.0.1:8193/saml/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2020-05-25T11:01:32.746Z" SessionIndex="_0df92234ff9fa386757d04d957a5300a">
            <saml2:SubjectLocality Address="172.31.28.90"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>sheldon</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">employee@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>scooper@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldor</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Cooper</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sheldon</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2020-05-25 11:01:37,278 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2020-05-25 11:01:37,279 - INFO [Shibboleth-Audit.SSO:?] - 20200525T110137Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|id-1a863c3c-9e77-11ea-800a-81d9d263515d|https://127.0.0.1:8193/saml/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_52b30caf2a29fdfeaa940d24155870cf|sheldon|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|uid,identifier,telephoneNumber,role,mail,displayName,surname,givenName|scooper@samltest.id|_fb7a4be58517a1a01d085952d851b0ad|
2020-05-25 11:01:37,573 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: eyJ1cmwiOiAiL3N5c29wL3N0YXRpYy9pbmRleC5odG1sIiwgImlkIjogIjFhYjZhOTM0LTllNzctMTFlYS04MDBiLTgxZDlkMjYzNTE1ZCJ9
2020-05-25 11:01:37,573 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2020-05-25 11:01:37,573 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2020-05-25 11:01:37,573 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://127.0.0.1:8193/saml/acs"
    AttributeConsumingServiceIndex="1"
    Destination="https://samltest.id:443/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="id-1ab6a934-9e77-11ea-800b-81d9d263515d"
    IssueInstant="2020-05-25T11:01:37.469Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">https://127.0.0.1:8193/saml/sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
</samlp:AuthnRequest>

2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Request specified AttributeConsumingService index 1
2020-05-25 11:01:37,574 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selected AttributeConsumingService with index 1
2020-05-25 11:01:37,574 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:37,575 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id:443/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'id-1ab6a934-9e77-11ea-800b-81d9d263515d', issue instant '2020-05-25T11:01:37.469Z', entityID 'https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://127.0.0.1:8193/saml/sp' does not require AuthnRequests to be signed
2020-05-25 11:01:37,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://127.0.0.1:8193/saml/acs using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2020-05-25 11:01:37,576 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved signature algorithm URI from SAML metadata SigningMethod: http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
2020-05-25 11:01:37,576 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataSignatureSigningParametersResolver:?] - Resolved reference digest method algorithm URI from SAML metadata DigestMethod: http://www.w3.org/2001/04/xmlenc#sha512
2020-05-25 11:01:37,577 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2020-05-25 11:01:37,577 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://127.0.0.1:8193/saml/sp
2020-05-25 11:01:37,577 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve encryption parameters based on SAML metadata, falling back to locally configured credentials and algorithms
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Failed to resolve EncryptionParameters
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolver returned no EncryptionParameters
2020-05-25 11:01:37,577 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption is optional, ignoring inability to encrypt
2020-05-25 11:01:37,578 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2020-05-25 11:01:37,578 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2020-05-25T11:01:37.578Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0 to 2020-05-25T12:01:37.579Z
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,579 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'sheldon'
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session d2e6b888235145fde1e2298e0e4a041f37db1b1bf91f408b04fbce759822ada0
2020-05-25 11:01:37,580 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=sheldon)
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 8 attributes: [uid, identifier, telephoneNumber, role, mail, displayName, surname, givenName]
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2020-05-25 11:01:37,581 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e091ece'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@6b2f2941' with context 'intercept/attribute-release' and key 'sheldon:https://127.0.0.1:8193/saml/sp'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'sheldon:https://127.0.0.1:8193/saml/sp' value '[{"id":201},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1621940495738' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:37,582 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'sheldon'
2020-05-25 11:01:37,583 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2020-05-25 11:01:37,583 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2020-05-25 11:01:37,583 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@4e091ece'
2020-05-25 11:01:37,583 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2020-05-25 11:01:37,583 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2020-05-25 11:01:37,584 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2020-05-25 11:01:37,585 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2020-05-25 11:01:37,585 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _e197a7b43307b16d98b5a16e9b6846e6
2020-05-25 11:01:37,585 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _e197a7b43307b16d98b5a16e9b6846e6 to Response _ed8a51f1d2758cc0fbc1be4521b20ff2
2020-05-25 11:01:37,585 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _e197a7b43307b16d98b5a16e9b6846e6
2020-05-25 11:01:37,586 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2020-05-25 11:01:37,586 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value sheldon of attribute uid
2020-05-25 11:01:37,586 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value scooper@samltest.id of attribute identifier
2020-05-25 11:01:37,586 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2020-05-25 11:01:37,586 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value employee@samltest.id of attribute role
2020-05-