2021-09-21 11:00:47,443 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-09-21 11:00:47,443 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-09-21 11:00:47,443 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-09-21 11:00:47,443 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:LogoutRequest
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SLO"
    ID="_7160889dccd08afeb8b53570fef5aac7"
    IssueInstant="2021-09-21T11:00:43.759Z" Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://slo/sp</saml:Issuer>
  <saml:NameID
        Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxfQXODtfiw9dYA6YfwogtAJ4qVimTwA63ve8hC5RB6jz556tKLYHzwsnIUXNpBRWKVSQIA2kjO7BgnDklnPavcbmEhppDIGmxdhU7YnShwQ5b</saml:NameID>
</samlp:LogoutRequest>

2021-09-21 11:00:47,451 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://slo/sp' from origin source
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:00:47,451 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:00:47,451 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://slo/sp
2021-09-21 11:00:47,452 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:47,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:00:47,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2021-09-21 11:00:47,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SLO
2021-09-21 11:00:47,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:00:47,452 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_7160889dccd08afeb8b53570fef5aac7', issue instant '2021-09-21T11:00:43.759Z', entityID 'https://slo/sp'
2021-09-21 11:00:47,453 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=nZJfb9owFMXf%2Bykiv4OT0PzBgkih6basDAa0FHiZTGwTt4ntxk7D%2BPQL6bRWldqHPd57z%2FnpHMsj%0D%0AjctCoak8yNos6VNNtbGOZSE06i5jUFcCSay5RgKXVCOToVX8Y4rcvo1UJY3MZAGspPVxgQ2XYgxy%0D%0AY5RGEJ4Jpj30OYGcKNjKGS8oPPtduKSEVzQzcDWdAytNxuBX4Ph2GA5JlhE7xIzuw7038AKbUeZh%0D%0AnAWtTOuapkIbLMwYuLbr9Oxhz3VuHQfZNroc9ANvuAPWmla6y9LGBNGFZY3OYVBnr94U%2FLwf1ppW%0D%0A504g%2BtepkFCrEXyDe8XPWkKa%2FAfe%2BiKrEpuP5U7f6Tac9FgnRbXQimaccUpAFMfktLuf%2Fd5tFke2%0D%0A2MwTw3gzJNvY37JGHkz8%2FfJpzcvbJvYHzzTMr7zlxH84eZ5vbqbbb6dGi%2FRuM1OT5f3NerVIY%2Ffx%0D%0AYR5MDiJ5LMRP%2FJzty%2BtcqST9Wh5JfhdsxSpvFt7%2B7zu89I4uXsZ33yn6Aw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=Dbx5AS%2F51rQrcSemr8oCylKvsGjVN6BYHVhBBPryY1yHaKjJU2DE4pBPyfST5wMXhEv7yoPW05QQwgnWFKMOcODEUsae3zqDguDcbX0JROrFs3%2BZsUUDSnPO3XYpwXGiyQUNUKwTKGI99tp5BD2%2BNm8zHkOvpEOllKpdKc%2Fls8utoOVE92%2FuopZChZWUbnKe%2Bf5atK0WskC94TXydQgxO6jVLbOhObNkC13foQ0%2Fqd1enIr8UjEiBbfsqai648PW5iDGaW4IAqrjZeJeyhBk3N4B4N8tyKWJRudsky9okYiZTwiUs1nRIWgGpXTplahZL42DIA%2F4ZYqeXL2TUqohJg%3D%3D
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=nZJfb9owFMXf%2Bykiv4OT0PzBgkih6basDAa0FHiZTGwTt4ntxk7D%2BPQL6bRWldqHPd57z%2FnpHMsj%0D%0AjctCoak8yNos6VNNtbGOZSE06i5jUFcCSay5RgKXVCOToVX8Y4rcvo1UJY3MZAGspPVxgQ2XYgxy%0D%0AY5RGEJ4Jpj30OYGcKNjKGS8oPPtduKSEVzQzcDWdAytNxuBX4Ph2GA5JlhE7xIzuw7038AKbUeZh%0D%0AnAWtTOuapkIbLMwYuLbr9Oxhz3VuHQfZNroc9ANvuAPWmla6y9LGBNGFZY3OYVBnr94U%2FLwf1ppW%0D%0A504g%2BtepkFCrEXyDe8XPWkKa%2FAfe%2BiKrEpuP5U7f6Tac9FgnRbXQimaccUpAFMfktLuf%2Fd5tFke2%0D%0A2MwTw3gzJNvY37JGHkz8%2FfJpzcvbJvYHzzTMr7zlxH84eZ5vbqbbb6dGi%2FRuM1OT5f3NerVIY%2Ffx%0D%0AYR5MDiJ5LMRP%2FJzty%2BtcqST9Wh5JfhdsxSpvFt7%2B7zu89I4uXsZ33yn6Aw%3D%3D&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://slo/sp
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://slo/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://slo/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://slo/sp
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:00:47,454 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:00:47,455 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.ExtractChannelBindingsExtensionsHandler:?] - Message Handler:  Message did not contain any ChannelBindings extensions
2021-09-21 11:00:47,455 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:47,455 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:00:47,455 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService for outbound message
2021-09-21 11:00:47,455 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}SingleLogoutService
2021-09-21 11:00:47,455 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sp.ad.nexusgroup.com/wa/auth/saml/ using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
2021-09-21 11:00:47,455 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Request is not a SAML 2 AuthnRequest
2021-09-21 11:00:47,456 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:00:47,456 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:00:47,456 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Inbound logout message, nothing to do
2021-09-21 11:00:47,483 - DEBUG [org.opensaml.saml.common.messaging.context.SAMLSubjectNameIdentifierContext:?] - Ignoring LogoutRequest, Subject does not require processing
2021-09-21 11:00:47,483 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:00:47,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing secondary lookup on service ID https://slo/sp and key AAdzZWNyZXQxfQXODtfiw9dYA6YfwogtAJ4qVimTwA63ve8hC5RB6jz556tKLYHzwsnIUXNpBRWKVSQIA2kjO7BgnDklnPavcbmEhppDIGmxdhU7YnShwQ5b
2021-09-21 11:00:47,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:47,484 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://slo/sp in session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:47,484 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:00:47,484 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:?] - Profile Action ProcessLogoutRequest: IdP session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d does not contain a matching SP session
2021-09-21 11:00:47,484 - INFO [net.shibboleth.idp.saml.saml2.profile.impl.ProcessLogoutRequest:?] - Profile Action ProcessLogoutRequest: No active session(s) found matching LogoutRequest
2021-09-21 11:00:47,485 - WARN [org.opensaml.profile.action.impl.LogEvent:105] - A non-proceed event occurred while processing the request: SessionNotFound
2021-09-21 11:00:47,485 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:?] - Error event SessionNotFound will be handled with response
2021-09-21 11:00:47,486 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:00:47,486 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:00:47,489 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:?] - Profile Action AddStatusToResponse: Detailed errors are enabled
2021-09-21 11:00:47,489 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:?] - Profile Action AddStatusToResponse: Current state of request was not mappable, setting StatusMessage to defaulted value
2021-09-21 11:00:47,490 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sp.ad.nexusgroup.com/wa/auth/saml/
2021-09-21 11:00:47,490 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sp.ad.nexusgroup.com/wa/auth/saml/
2021-09-21 11:00:47,490 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:?] - Deflating and Base64 encoding SAML message
2021-09-21 11:00:47,491 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:?] - Building URL to redirect client to
2021-09-21 11:00:47,491 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:?] - Generating signature with key type 'RSA', algorithm URI 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256' over query string 'SAMLResponse=pZI9T8MwEIZ3fkXkvYmdtolrNUEIhIQEEoLCwIIc59JGpOfgs4GfT9pSKB1YGM96P3yPbn76se6iN3DUWiyYiDmLAI2tW1wW7GFxOZLstDyZk153aa%2Bu7dIGfwfUWySILoB8i9pvvSvve1JJQn2s6xjhI9DS2dDHxq6Td53o4FfJJidh0dVFwZ55KqWAsahyaWSWVWk1a5pq0ohUNJnhYpDhvmphB0MuMi7lrDam5lI3UMlqOp7mvIFmqrXJBwNRgCskr9EXLOWpGPHZKBULIRTnapLHE5k9sehxv3C6WXhAgKR2KxYsOFRWU0sK9RpIeaPuz26u1SBVvbPeGtuxckdEbQvdYcLfAZoI3IYXK795DS4%2FgIzbeoenrft5chhf7vHfe%2B0DHY3ntoboUXcB%2Fq6mrVrdwWsY2sCx%2F%2BU84Avad7x1LZq21x1Lyq9fHwYeddwAkV5CeYYROGddZI0JzkEdH3n3wqPnn%2Fn3JZaf&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256'
2021-09-21 11:00:47,513 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPRedirectDeflateEncoder:?] - Generated digital signature value (base64-encoded) l+dphulU+BU9cwbkqGENzqddd3aEF89fR+6fZwAJuHcR5CLXfzKWpRtIxreHm+5su3HduytpKS6OMcBjPwh3wngomv2teIhSsWwR2DdbUylBpnYXSLL6PPbFVo2sqkUcyWt+uz1KJDE10V8/6vUfKZzARW4GJErxr3IwUF2J+ujb4/OnXF/wjncLy3eJCeu6DCrDnlR4o50uWNBoyUE2y6fmXCaSeR2vQaFmLjUSKf5vfBlMTReygWljTYI0htGtFPjXNngJO1URGD/Z7kjK/VfX+GaufSmbVE5ZZGVRM/clG6fc9YInwvrfpSrrnp5xgIgW2ZPb1JG2kVS0oCh7LA==
2021-09-21 11:00:47,515 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:LogoutResponse
    Destination="https://sp.ad.nexusgroup.com/wa/auth/saml/"
    ID="_02881e31b78c866b2b9ffb4f121f6c01"
    InResponseTo="_7160889dccd08afeb8b53570fef5aac7"
    IssueInstant="2021-09-21T11:00:47.486Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
            <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal"/>
        </saml2p:StatusCode>
        <saml2p:StatusMessage>An error occurred.</saml2p:StatusMessage>
    </saml2p:Status>
</saml2p:LogoutResponse>

2021-09-21 11:00:47,515 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:00:47,515 - INFO [Shibboleth-Audit.Logout:?] - 20210921T110047Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_7160889dccd08afeb8b53570fef5aac7|https://slo/sp|http://shibboleth.net/ns/profiles/saml2/logout|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_02881e31b78c866b2b9ffb4f121f6c01||||||
2021-09-21 11:00:58,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: null
2021-09-21 11:00:58,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-09-21 11:00:58,008 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-09-21 11:00:58,009 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://sp.ad.nexusgroup.com/wa/auth/saml/"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ForceAuthn="false" ID="_01451ce70e791126c356dcf32d696aeb"
    IssueInstant="2021-09-21T11:00:58.016Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0"
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <saml:Issuer
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">https://slo/sp</saml:Issuer>
  <samlp:RequestedAuthnContext
            Comparison="minimum">
    <saml:AuthnContextClassRef xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
  </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>

2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:00:58,015 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:00:58,015 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://slo/sp
2021-09-21 11:00:58,016 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_01451ce70e791126c356dcf32d696aeb', issue instant '2021-09-21T11:00:58.016Z', entityID 'https://slo/sp'
2021-09-21 11:00:58,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructing signed content string from URL query string SAMLRequest=nVJNb9sgGL73VyDuMba7uAuKI2WpplXq1CjOdthlovC6RTIf44UtP3%2FYTSofphx25Xl4vmCNwgye%0D%0Ab1N8tQf4lQAjOZnBIp%2BAlqZguROokVthAHmUvNt%2BfeR1UXIfXHTSDZRsESFE7ezOWUwGQgfht5bw%0D%0A7fDY0tcYPXLG0BdCFRZOCV%2BCS76QzrA%2FgolszkY7Rsl9DqCtGKVmFzMWM1BoxbTyLPv2egA2BqnZ%0D%0AAZQOICPruidKPrsgYarT0l4MCJQ83Lf0Z1l9WFYS7kq4W1VV3cjbZaNkf1urZtUIeM40xAQPFqOw%0D%0AsaV1WVeLcrWoq2NV8bLky49FWTU%2FKNmfW3%2FSVmn7cn2i5zcS8i%2FH436xf%2BqOlHyHgFO%2FTKCbG0LW%0D%0AY0E%2B%2BYfZ%2BteVxWVyunnfaXB55DWbyb3Le35%2BXlDTOvmhIpwi2TnjRdA45jHaapPMlOmSak7eDdn0%0D%0AAP3%2FZLxKk1yO0vk4WfQgda9BnXv8K8DUil2ptbm5wPOfvfkL&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=TwELTKMwwiyHS%2FeVPgyuzV4bwHv%2FAeDyxxD5TRJ4Eid%2BlwOTcXbwzG3Rve8FoiD6T7rJ2Irhop%2BTVHs5TBbO7yOzosiLpWt2SgNyzwFgS50itv5vJNDRX11%2Fy0Jpb4LxvdoFm8aNVochakhtwARQwbO%2Ff%2Fn%2Bij4%2BL4zr582RhfJF1U3%2FLLAG5FQvUt1h%2B6mhL9OLgDuvllBEOq5o3gsDwsG%2BWGYjIMWofsmlehAHJwicZJE3Tz3f%2F9DQn5zOglsW8YNOTl%2FO%2BYFrGO2Bkli6gNyrSoGJ8GQNh5ZCMwR%2BZgd1q4caedD%2BoyGeyICFlYAZ5gudgJKtug01GXiqSUk6cw%3D%3D
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:?] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=nVJNb9sgGL73VyDuMba7uAuKI2WpplXq1CjOdthlovC6RTIf44UtP3%2FYTSofphx25Xl4vmCNwgye%0D%0Ab1N8tQf4lQAjOZnBIp%2BAlqZguROokVthAHmUvNt%2BfeR1UXIfXHTSDZRsESFE7ezOWUwGQgfht5bw%0D%0A7fDY0tcYPXLG0BdCFRZOCV%2BCS76QzrA%2FgolszkY7Rsl9DqCtGKVmFzMWM1BoxbTyLPv2egA2BqnZ%0D%0AAZQOICPruidKPrsgYarT0l4MCJQ83Lf0Z1l9WFYS7kq4W1VV3cjbZaNkf1urZtUIeM40xAQPFqOw%0D%0AsaV1WVeLcrWoq2NV8bLky49FWTU%2FKNmfW3%2FSVmn7cn2i5zcS8i%2FH436xf%2BqOlHyHgFO%2FTKCbG0LW%0D%0AY0E%2B%2BYfZ%2BteVxWVyunnfaXB55DWbyb3Le35%2BXlDTOvmhIpwi2TnjRdA45jHaapPMlOmSak7eDdn0%0D%0AAP3%2FZLxKk1yO0vk4WfQgda9BnXv8K8DUil2ptbm5wPOfvfkL&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Attempting to validate SAML protocol message simple signature using context entityID: https://slo/sp
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://slo/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://slo/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Simple signature validation (with no request-derived credentials) was successful
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Validation of request simple signature succeeded
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Authentication via request simple signature succeeded for context issuer entity ID https://slo/sp
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:00:58,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:00:58,017 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:00:58,018 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 3 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:00:58,018 - DEBUG [org.opensaml.saml.common.binding.impl.DefaultEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Candidate endpoint binding 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' not permitted by input criteria
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://sp.ad.nexusgroup.com/wa/auth/saml/ using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:00:58,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:00:58,018 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:00:58,019 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:00:58,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:00:58,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:00:58,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:00:58,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:00:58,019 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://slo/sp
2021-09-21 11:00:58,019 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:00:58,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Resolved data encryption algorithm URI from SAML metadata EncryptionMethod: http://www.w3.org/2001/04/xmlenc#aes128-cbc
2021-09-21 11:00:58,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:00:58,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:00:58,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:00:58,024 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:00:58.024Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:00:58,024 - INFO [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: Ignoring AuthnContextClassRef: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified
2021-09-21 11:00:58,024 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: RequestedAuthnContext did not contain any requested contexts, nothing to do
2021-09-21 11:00:58,024 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:00:58,025 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,025 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d to 2021-09-21T12:00:58.025Z
2021-09-21 11:00:58,025 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,025 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:00:58,026 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:00:58,027 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:00:58,028 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:58,028 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:00:58,028 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5ccf038b'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://slo/sp'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@43cb81a8' with context 'intercept/attribute-release' and key 'rick:https://slo/sp'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://slo/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663311772050' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:00:58,029 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:00:58,030 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:00:58,030 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:00:58,030 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5ccf038b'
2021-09-21 11:00:58,030 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:00:58,030 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:00:58,031 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:00:58,032 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:00:58,032 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _11256b4f3ff2458592d659270acbe33e
2021-09-21 11:00:58,032 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _11256b4f3ff2458592d659270acbe33e to Response _722c17b329f8133fc2a4f7705f5f8727
2021-09-21 11:00:58,032 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _11256b4f3ff2458592d659270acbe33e
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:00:58,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:00:58,034 - WARN [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Ignoring NameIDFormat metadata that includes the 'unspecified' format
2021-09-21 11:00:58,034 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:00:58,034 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0TdREIwqnGpV1CfbktG7BkNgU1tFdl3B4KpJfXx7/xhWG8Eov+Lf2LC5AN2ZKvgJp/5w2O8GC76Ij3t6xRuU8z+KqDcNJhDA61FfWfs07d1j with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 152.57.232.75
2021-09-21 11:00:58,034 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _01451ce70e791126c356dcf32d696aeb
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://sp.ad.nexusgroup.com/wa/auth/saml/
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _11256b4f3ff2458592d659270acbe33e
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _11256b4f3ff2458592d659270acbe33e did not already contain Conditions, one was added
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:05:58.030Z, to Assertion _11256b4f3ff2458592d659270acbe33e
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _11256b4f3ff2458592d659270acbe33e already contained Conditions, nothing was done
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _11256b4f3ff2458592d659270acbe33e already contained Conditions, nothing was done
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://slo/sp as an Audience of the AudienceRestriction
2021-09-21 11:00:58,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _11256b4f3ff2458592d659270acbe33e
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://slo/sp to existing session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://slo/sp in session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://slo/sp in session 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 116d533409a456ba8432ca121d792ce1455aad1c3b89bcba7d821fe32b58af6d: replaced old SPSession for service https://slo/sp
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://slo/sp and key AAdzZWNyZXQxfQXODtfiw9dYA6YfwogtAJ4qVimTwA63ve8hC5RB6jz556tKLYHzwsnIUXNpBRWKVSQIA2kjO7BgnDklnPavcbmEhppDIGmxdhU7YnShwQ5b
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://slo/sp and key AAdzZWNyZXQx0TdREIwqnGpV1CfbktG7BkNgU1tFdl3B4KpJfXx7/xhWG8Eov+Lf2LC5AN2ZKvgJp/5w2O8GC76Ij3t6xRuU8z+KqDcNJhDA61FfWfs07d1j
2021-09-21 11:00:58,037 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://slo/sp was replaced
2021-09-21 11:00:58,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:00:58,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:00:58,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_11256b4f3ff2458592d659270acbe33e"
2021-09-21 11:00:58,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _11256b4f3ff2458592d659270acbe33e and Element was [saml2:Assertion: null]
2021-09-21 11:00:58,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_11256b4f3ff2458592d659270acbe33e"
2021-09-21 11:00:58,038 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _11256b4f3ff2458592d659270acbe33e and Element was [saml2:Assertion: null]
2021-09-21 11:00:58,041 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_722c17b329f8133fc2a4f7705f5f8727"
    InResponseTo="_01451ce70e791126c356dcf32d696aeb"
    IssueInstant="2021-09-21T11:00:58.030Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_11256b4f3ff2458592d659270acbe33e"
        IssueInstant="2021-09-21T11:00:58.030Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_11256b4f3ff2458592d659270acbe33e">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>kProktymzTcC/hTmpelt8KcWU0vdlfmY0V4zEZT1Rmg=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>PEkvJFsjR8UgcN9kqprdi+LwuJojGOqZ9g+IC9NtQXVkTE2sePn2AODIzH65WASE3suLKg6YVLVmpgJNykzxQcg/LRz/WwO1SeE+wNBe/H+xMfdPoxIyXxTS3SyHFF3c+vTZhLQ3aAIHef+JnVHOrHhnwN4HDOw/eK2+CiZ+jYyR4ntMrfqSRC/xW1Nk/O4HwH09Xb2/mSrFahgFyvWI3oDPtPqI4Rlx3WOqPT3zIVKVshm2y+eWZImBn5vXSjJ2i1FS/arTMQKlDuTA4SxLwKXXD+Ox6DqxrsqeS86gMxYIi2NtGV68BNK4+Cz+41Nosb3S+A+oZOnCxnEFozuNYw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://slo/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0TdREIwqnGpV1CfbktG7BkNgU1tFdl3B4KpJfXx7/xhWG8Eov+Lf2LC5AN2ZKvgJp/5w2O8GC76Ij3t6xRuU8z+KqDcNJhDA61FfWfs07d1j</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="152.57.232.75"
                    InResponseTo="_01451ce70e791126c356dcf32d696aeb"
                    NotOnOrAfter="2021-09-21T11:05:58.035Z" Recipient="https://sp.ad.nexusgroup.com/wa/auth/saml/"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:00:58.030Z" NotOnOrAfter="2021-09-21T11:05:58.030Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://slo/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T10:09:49.706Z" SessionIndex="_0e321466d0773d71f1bfee526af5a995">
            <saml2:SubjectLocality Address="152.57.232.75"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:00:58,043 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://sp.ad.nexusgroup.com/wa/auth/saml/
2021-09-21 11:00:58,043 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://sp.ad.nexusgroup.com/wa/auth/saml/
2021-09-21 11:00:58,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_722c17b329f8133fc2a4f7705f5f8727"
2021-09-21 11:00:58,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _722c17b329f8133fc2a4f7705f5f8727 and Element was [saml2p:Response: null]
2021-09-21 11:00:58,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_722c17b329f8133fc2a4f7705f5f8727"
2021-09-21 11:00:58,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _722c17b329f8133fc2a4f7705f5f8727 and Element was [saml2p:Response: null]
2021-09-21 11:00:58,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:00:58,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://sp.ad.nexusgroup.com/wa/auth/saml/' with encoded value 'https&#x3a;&#x2f;&#x2f;sp.ad.nexusgroup.com&#x2f;wa&#x2f;auth&#x2f;saml&#x2f;'
2021-09-21 11:00:58,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:00:58,054 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://sp.ad.nexusgroup.com/wa/auth/saml/"
    ID="_722c17b329f8133fc2a4f7705f5f8727"
    InResponseTo="_01451ce70e791126c356dcf32d696aeb"
    IssueInstant="2021-09-21T11:00:58.030Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_722c17b329f8133fc2a4f7705f5f8727">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>dxRaBoFE3EO8INk5huDfu8v3cKZ0p1pnjH+GJr8iGAU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>bZcXMlGEaaGjJVB5waN2V/f/cOrxy1Hs0rFj1xJqj4Bs37xvjgww4T5Pjjgs0pfe6T0zLEvqujX0SRAjlc0vqmUXMDWBZONbhJqHzKg35nSOQ8ejXpOp3GVTPQfldeUbjUkMECynBOG0tBiniLFUNtn/M5wlq+D0eaa716LAePGfJmShd/4b79LyL175ru0zx3LCyRqwxZ5arGbTyQZjtTdEYNKwd4tAOSGxOyGGbYdWQM52hZpncFcRslg+wyGJ4+5BbXFGmHiHvNX+SXwaXvvpheUOAwz1p11LR7OlT6AzDKQSZS/+/tOFxhemvjOnguwHD2V9l2kw/XiRjDPHzg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_77c51cdec7c18dda6390801aa2708f7c"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_458ebc4f44249804fd823e78ba56e23b"
                    Recipient="https://slo/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIEJjCCAw6gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBnTELMAkGA1UEBhMCTVkxFDASBgNVBAgT
C015IFByb3ZpbmNlMRAwDgYDVQQHEwdNeSBDaXR5MRMwEQYDVQQKEwpNeSBDb21wYW55MRMwEQYD
VQQLEwpNeSBTZWN0aW9uMRkwFwYDVQQDExB3d3cubXljb21wYW55Lm15MSEwHwYJKoZIhvcNAQkB
FhJlbWFpbC5teWNvbXBhbnkubXkwHhcNMTUwNzA4MTUwMDAwWhcNMjUwNzA1MTUwMDAwWjCBnTEL
MAkGA1UEBhMCTVkxFDASBgNVBAgTC015IFByb3ZpbmNlMRAwDgYDVQQHEwdNeSBDaXR5MRMwEQYD
VQQKEwpNeSBDb21wYW55MRMwEQYDVQQLEwpNeSBTZWN0aW9uMRkwFwYDVQQDExB3d3cubXljb21w
YW55Lm15MSEwHwYJKoZIhvcNAQkBFhJlbWFpbC5teWNvbXBhbnkubXkwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQDfcvbxwincw8qSQPcZgyfni3chrRq5nhqkPRzMesreZdNSR2OR0Z8P
U+JSe6YPZpubi8R22zfiE6d1CMYm6/cU+uc0dS7KPKSZjj4pSuobGxwanyOgiMFgbihBK5RmjXzJ
+25jHUqqHsIqbHK10i5900zaKMRGIJps+gUbBlkU9KMUpGQQh8RH8VNhaDFIUMIOi1Yd7LvEVWBe
1h3cJjvPR5NGgoxFniNxrbSYUzZgxzNjmyBCiZEInxdeK2IbbFmXrfuTN0CnmwblvG0Etk2J/koV
f8TT0ANF2tSuxezxBJtagCikHLAIexNENLslFsYKV2xerbYLYNnt5mEN2Z4fAgMBAAGjbzBtMAwG
A1UdEwEB/wQCMAAwHQYDVR0OBBYEFA9D31T01BN9kcFkXY/J+ydBgFnBMAsGA1UdDwQEAwIF4DAR
BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG
9w0BAQsFAAOCAQEAI1mATsxD46D86RXxi8xY6bfFMjLIbXgOx7jE1UPROSZonr1Ut8SSZjxxb9C7
WsCk1GisWi63nqKjBAFqVLK5zoCeWkyDoPFYg0bxSlctTtSbfsUTayRO0RQHdrOaa/VDzTELo4Un
DN1wBkVH1ZOwj/iCXPDkByIo76pUXJm0djJMdIC5/U+cD5n+GLl0sJDjbvuBYSvFJnzjnOgv0LhF
4POHHS6iAOyYsRRSt3X6ewRYEVnfAf3DWhmD/vixjVALbxCnnItk0Ud9KrCSi4Hp7Y03vk1phvqF
cJA2ZrJaEo4ZpQ3WhTsSS78Uu2YsuY6gyXWe6gl4Z+vSMLVw8gxEDw==</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Celyj0uYYMupCXzk0FlbHLqcUfGAAV+aXDLZGo8Zet/vWIZvLhwAS7uvQEJxygrU6h4/REauONfHOY6s1Ry3XWMCmqWVNZj3LAc9xc0o484RDZzbG2rG4Uv2xG7jUxkJG6NHj4cLep6psXfcw+ma9NnTS7pksk7Y0kZxwJ62u8whkbS4L62YFif8WJVFU/+TkVsIc4hNqOoSA1WESqRNLjOaVQmcabvD2YSTSwkeswOVTl5Cgef+SKUA42U+VTjxKlBwSjeoAJg1S5dEFlbGQQ/7tQRJw+OV2at/LKoer8salayiFQgRqMkAc3lF5yWRE5C8JRsa7KqoH0NrskMEAA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>ukRHGYKdTCS8HqJt/kZ3ls6K8JhJ7jN13b6AW3DmrzpTip96BMzmSyNlsWBcsfTFk5K6cT/LiO7511Hh11WTR3pTiqjz1VwYLVqS6RQUSURYrxyDdLH/YpedGPt0VGMb/cXhcFnTa9dTNbWHiVY7Q2SS6eji6gMifk/AkvdMrYv6rpooxAdFVXQvTWcNBBW7MvjuDWuatXRQLw8sX1hZhrzLuS35N9SiCl3A/ly+EGOs/R35vEI1SLozDDLdqvzWjLTa6eOgw/R3MBvrkxc6o9V3T1TvdZfFM4qmMB8hxHaroBeCT5LNDhDh/RfXdGHhVwedpEhyWt5KoTt946bYUART6RST8qkfGlbsiwKyXDh7rA0FwsV/rCRKa+DUneD1EAO4dN9mjOm6kNAO1HVwhy3rDfGyGlGZ1qiuwy6eyrLsv6CSwa56idgfuiVbd5POSPMERahVW9AUKBORZ1u3WuX0VeFeukt6pBcaPr4ZwTgxuhxjM/Mz1OCIWijKcg862H2A6ko2gaRSAewAuZ/8gTBSmfHVJTPh3bD/T7S7zUCjtsNecZDsKYR0rjigV2UAWovZtn1X9k17sQINPQ5zwEhHwe86+WOcXYrrBq31fsyeSd67Jog9C1d+rcedDUEMd9L4ctnNBWqT2SSJi3x/x4HFBXGHiGmhCEdqvo2QTz+yr87evoju336EwmYn6zgi49iz6VUPTY+sJ2w7KPGq9Ehla5gpOXuiBTJiB9+qufDdgI5pVvbVFOyywi07MN6yOKMeXcSOCAcpwTF4rOuasENJsgsPPEEW8IJryYGfsgZU4Ddh+4nCdY812/b66R+9muswzkdQLNtajT43cT097FZRNOa1TAo34Fg48aZpL0tBQ+E7h6lhqoJC3I7E7m5LKiWYqSCBBEFMvlokGNrwqvH6CeGDd9xL+t0BhbRrR/+S8DiQwbv6vDiVR/phD7idCQPwzI3/gx3oxof81PpRHL7W7SvMJpGrlRqoLia2K3MRA/X8QErcH/emYL+x3sSw5bYRUZrQ7R6WQ8H7/B2d663eEmTsl+mMFynuSSZn3pDavLRICpEQu1kZhyF9dhH/91/3Hcvk2P5AzDcY2aDUEmNpKUZz/W++bn+Ztypwmxk95sMJIEFHAzv3u3z7/81PBEEa5alce9rucTb6pS9yGW8Ith2L8LQDok7DPpN7+TBYUD3f0RPucFxp/seONRufEK1kUMJsO97hNq3qbSjbjDNlsbrxdYNlIvYPhJto30S3lc6O1e+p8OQO8J8BzAM2UPL9c2HnrX8aHQ5WH+hLrFp4XJB4g+L9cGaIXZPg4H5bUPLnMM+1E5XUplHW3ETqWNx6J0sAkzUumklrVQfoeYSRh95rtRdowY/98PRQH4YalTrnaxY6nmoOIhtxsl52xNnAmSZr6P2R8TiMYZP3chXxFYgOOFWz/KMT4q/GuNFd3vdsHzOjU8XzXlr7c0xcimp8zsJ1oLutOAePeaAJKzTRaYeEwUuS7rsdY62SaMfkO+qcMBLCaoJ4CnacNFkeZW7pjjAaxbl5lFtpR48OaN6WsrapQum3nfGG6b8kDDqmqDxw5TMS1RorOuPo9UHgRX1N7BO2DGbtpN3035J3Q55ypmng/jzZifC/OGBOZ9I+UCtHoav4KVUleKlysA7tNJhBtXHa089VB2qJqNGxxy77ww2X9HjCpJPVDyVwDbPzeC2UmmrOaho/9uioVLk8eFeeKqZit8jcTN1TNtZCNAp8jL7cPPcdrJKzlDGD9f6STk2cLdi9FCysZnLbkYAwZ2qtspmcwmy01IeOlARGgewz0xZ/wqFRnGG45zC1Zk2XcSy1jshQcDDkvkTctOF1GIKwxafSY6Jppwxqemwn4PGvpKyTRCLUEEr4eAHehDUXAlNo9DWwN8Fa5/NXX2wO+woKZwwTes0KyCcAEFtx3652V/SuKdrLmF0+HHGi76rig2Cq6C4Ppz2X6+TL8Sp1Vzv+uXR9nGaN1z4FQF3TVkbiALnjduZxg3ZC84QM40Ag8htsLBrSHxmCPtKYsd1qm7++iB4/8SRGtOaWK+kdcyDSh5beb18wF7F8mzWub+xx5XqxSVLCStrc+RbfM1At6MSp2dhNKKGBZtewKnthG3tXb6jRUayrFQnRuH3dfR/7kJmDQFJec0ehMax86US18/gYhEgx05/nMBei+kUcAl6RVkzx44WM7kDJuQ/5wJLP8mCrzm031KUru16rFdpD3J8esvhPwSp/fKz8JcvVmqqlRVEeBJW1BEmYfFA9Xh6sxyRuYe3KGk8tig4NJ1mreMJFHopK9+h0A+85Y46waGCdIFVpgagrJikr0jRDnITM+6Y7FurvbvT3lRuUhzXMSD9iaDEwVtyQLnlXqFrJvZ3N7+lQO39R7+vEXwoZF5yZnMgNmeAFyUUS3Z1/gQuW1CDUnDOZNmgfHkNOMOVJ+hmcJu+HRZOJbhPd+n7qNtRozXGRP8IJ4gXiok0R0/bhFg+AyP+wtFwhCJu8ok7bfcHnzq9Pp9eJRqUrYTCpoXW70ASjo/ArdsdMRBsDjSSzzCfFTynVeo0Zt/nA1t08ZpuVImKlueYhCxvMZHVAV0fyNfljySmHa/ZVoLajFOPJV5UAH8jeezgR3jxruQVr5w1Dl97RaOR/KJZbdTCblfIC96fy5UdWEwboiZDy0Vd5yAKWs75zuUBEGs0JKySTYuJvR0L7zOjSNS2Mz2aty2NF/qwV9Y7dgp4PXp+tnXeG/RU2sW8XwcFn3cB6t81K3R7P7FWck4H6fBfcpI33SKi9IQD+QY3o2aGjw9D6lSqpRCikbb78uBdTXFqUGH/lqv3eDNPxcJiY0kmUjzwWCQhG3aqBva5i1dMFet6dHZUBd/y9Ph1m8NvOOft/pzsoaRjbhcw/KhPbDss1Zv/XrsxIwwm6w6jzYxg3FpD0jMQL1jtuC9Ar74ikNYkIAzKg3KcUBywIBqJHOyjGPOujW6ScmJniyUTVHSvhyOLD3MXa2PTjX86V5sLv8QwDstolFnndsX5NyjKoZE+psAA0difWSweUsN0wUqk07MnldAS4Zb3uVvBLmmZaLwocu6FbzKEciptii1WtRXSeJo7NZZeXBNQ77wdvSS7/GZCoEGMPA7F3XgBeh68F0or1PM6UryaiUzdt6/1SEnqC2cz59V4ET9V5lo0FAf+yVp03NHIxHS54OxC2eUnGqb08PvJVai+E4cq6PYAEWwFWImZoag9JnYb1J5AHlB5af+TJ+1fUUGbvFzxe8xEdNQcFCVsgWPXe8rypUkJLCfjeghD4GPserT+GyLTGE4wy9hLtcHqJRPj3sO2Gzk903IJ3pzNccFjFX6GtcplvxOtor0oraDGOYcLmezuBFDMaX2L+mJaHKL/AWeWUMaXFBRGYIMRmaozEvpimNNq1BOKik1mEb+KE/Wz6khkEMaaQXGrbtVCSkeslnjh8Xq1Ym67hz93lwqZRVSH5RY2wi0a3SdL7aOX3jU3JKz+l6mExYStJ/FUCmkC4hLdKiQrwMymU9YFrvUW2+1UXw1JevOAHsaGCF9+6RZVs9qbJ4ZnN097TT9sPD1NVayswwdK7tJ80q+j4pCWNi2pSz+AdKEdykw+PU1RfGQVNFypr2Q5nzKmvwXeP28ldErt4Ge0Fy39ypZZVW1vj85UrNe6RSBv3voZ0TDD2983dtE/mvVfJ3o3TSkmTujx5aVYbzcNbIS4P2n6X8WU6hk+vEPMia2UxO3GjEukwKRQb6JY1hx6Vh2521sdUJcvsDIKvNnI40M3f3BumhBVs6m2EoctZBeHq3GkjqOsHN+J3deMZMCoTvuTDvp5ggUB3oMgLYyKBG7sToPOhlLCX8Quwz5+tY968N6DwfZsi17gIS4iaEBDaeZNId15PgqW7o+YOgKA6wyVr2BB7LoWm8ilOUbrJok7Kpydr/6PbVYMaImIv0Ml1quNcI3LH7htnufVsyRLBqzUDG+BHSVrtLOGJ9hAABo6Oh0WGYsE6s/xXDtgpEwSBRu2qhXDGnCoLxS6LgpTQJI/vN1ucEUD3KH7C+pB57ih/IdC+WKynEtjcb9Zy538BC4xcCHMffzP13Eqw7t2xaAAoZ8V6NvhxYF/n0ljSl5wMjlfpg6HBGSEUWCyCjFuDqoBo1U1VXbH00CoEUO8wgz8l6RWY1135k40aCpDMJOjVx6h6rxsbE5WcoraZ4It+ITs35K9tpI/i7NR4v0ib8UFtRM9rsgcxv5oVdyQY3tPmgLq/6ZMNFAgAWcAtQEzNYcHGm8qlH+qCDynZdCKX862gSxb28SnpXRM8On3/OqY141mUYuLYwTS2hxFuldCuqPIxhP+o6dcP7iR44mjYVl1KG4nssBNkbXL/QMGRuZRqnXW9Lq/9521TyiL3rUk+AWsWs5XP++Qny2jHNWCgAw8NK9gh9qlXIf4dJdYpCH9qDoU2m0F+BxNvh0jC+yRjAda35dWuaoFTork0SC/AiMT5aSKyZ73fUET1rsL8G7LQOidYvG3wR4K6m7hI62a7BuPC/TS/FyaOmr+Iv1WzyD9rwc4iRgznt2HXsnsz3FfkROs29ad8V7pHcaKBdhSUNJSd9B4nnXSEKiif59DaCr4jZsq+zZygrnX1OCph2pfbpdgCQfnWUkXL2GbIBI1n3FhVT0DymIsvECrZJcQKKVHVy3p7qAO5n6Ni44fhAVlRdrPBNms8TCb2jyRYloqfkP6qiq1+p8VFTCcMJyMva9V0QYX7LgLTBfd/bFXNKT2fBsR+Ms06uwFnm7xTcwgf28D3caHjiPPN0Z8juzrZzRJOZwbcrRHN181PpWNnP1+UNUjmFHuxcRPi9UtJldRI2P0xUWH8XeC5knS+HEtEIx3AfrjmK1KirVnydwq5ybGaHafbfMygQYB21xOpFYTBmFvfey6h7TPgzIP9XXcRbLuZz2zYc/cp6V9Az/P2osF9w2uTF81WvbpTD9DIgTCZCrbas2a04Pv9djdwFlW7IE5KpCtC/75F5yvbN9zG/unaLNN1z+dxxYtIaN8n0NMYPjshiZaWKx48ptvbkJTwVIWiz0fwNCB4xZv9a/8Y25jSXo+iaDOBMP9vi/vclOx7QKtGmCzaPPXsCAJAqZ9CURgdUjvuQvh/56TDgoSPcKs2wiMktX5vFMECWfn1QBXDprCTphkczz2EwVzOoBSA+lbemxf1CxvLaj5QVIxT6Gkv/Qxxti8z4NFWwz4oFAv5Gx6p6YpEsn21rdz4qD9+ao7TkutqS5WTzF7se9D44HGrS6QFY3hm/YWrogUPIWoxTifROCeWTo65b0VizZE7MPWhYs2qGjY/ja7QK/P6UNG12++m4CUSGUWleela6w2qr9sXtS3yuYSkVfejNK0uBzKvmaR5MKwbKawgqtyY2kJHkryBW4Q67UXCwooqNUYPAuDI9qYsRt6vnVWZQTP10qdaW6u17f1aZItUkSWhInSg+yfGjW+cK+2a2NUG2Ts/eUXnLG3rTEZqmJuhMv3kxHONT5GimBP3tZl2ODbGJT9p4OBr+MvIXJGNuu+a6i5JQ08qV1O7yXmCc+65KA2zeZPiY3yMVeJl439CsigYJyENsvfVCSWDzpfm0XMFJwkHA3fbuy8SpC/2t00zlDfx+T9gC2ZkHmkvIUoWAJ3NHYvUPDSqN8PgVnu7G5GPIbnJxK9E2/vUD54C2kJKWRmvSswgy/Swe3bgYuC6x2iBQCFgAYGmt3bWga0k2x02uMQY5xQnbMI8rMSgNOkulzLBfZz6F2tWBSdCTHAvuN+IeM86mXYBqjVFCZuPRbmWoLrXFMpXXg18EkInC4nSRPpyYgBpv7bTE/U0POvnTQxlN2T9jDuY7Vxs5GS6IKIoiJ+oXk/syMQ7E+LW2iyeSLKH0+r/j+muk3IydkAKhQp92fW/muCZqyNcnL2OwzUYWUjS+Nv0dE34V44WdODvo9NwsEDcu2r4RkYMN3pSKgirl0054S48WxCXEby6UQmfsgvuYpEjrDUF3tIOII/O2BKMrZfHg1oeREfmWWBXJzxXzT8W35LEHIyhYgnohGuvltJv/ZNHPjToTz7UU5dCAhwGUMplq7njB4Hksgtfe8e35dEZfRqFk4oC9YmxxGeJeMaBswT+u1Miin+CnzwJV7tcRMCvex50fy2eArkqM48ZelKUHoQNiv601Lbxfyx791/Y02mfsL99bqy/ZSDHEP7AapOvGlnCliLXstfrvPl0RoLiPsh8YYAtz8OGQ+104z/qGav+JFabWgEBdsaiVaGNPB/Y8v482gCO2C7UCRqL2XWQrUMzaEDwyGf0+ojeXKSDwA7VMh8IbmMfUC0UBv3Xz3tglRR19VXAKanHyWrgZO1J3Atxe7me7FYg2Cb3LQbc5B/cdP4e1dmvkpw5yTDbBs4TpyZAJPXbh6Jm07iAOf8rZg48QgTDg7h+yBm/f/YOX0nKbZLaKWRfCmD0KD0b9sBkjfCI6X8k4kAkaUEsxyEEcXku+pFWoOf3SXUI1DfAZMFa+/p5ogG9BZWnkUFyFhA1KOuTclnMAGtnHFO9zNr6+eR3WKankMD9J1Z7uMBNLinwkfNgzL6G8HkoOTzrPTXjG1KsCGVUKGW425D/cp/Vi5kJSvJSzvtRmhBvt9Os+BVXw1jcZwVUDtGK19Q4cQbA2+SI3JkdE/t0HA7cDQXCw29Z+n3iNi6S21kOzQXMRgBvMRpwC+9SJdAa7eBFus5z2upxuUjqS2yx5PvCoSO1PcqnKbFhkCmT73nnPQPg5yj5uacKB974qVQ++xhZ7DN1mTx0HpbG7ZaZ1vg0Xs58vJ/6BNyYHlGE1mEFDRWQrgAMtGQHnT7VYbW6TLAU69Hoi1upZCm9kG/4i20WmzsNnSh2p+k1BgcS9JXBIKDJt9T+Sbw0Mqf38QE/j+kLDjRjR3Pb/ls9jVwkYArITSTiVQTdHZ9jEP/WI3btRTdR6gVsR6veJcl2cKIZ7FyFYsQGtwwYtE8+11IvgORs/oV2wmATlEbTJTUUpoPvVTBk7POs7T4uZBMKhqdoeMxnEVzbl52yVVxlEDIV3cp9EjFphJ6cVmAEDQJwS8RubopM439QsSijA3H4anPZwf256h/h58WaA2e5rXT/JsvRvtTb/+Npg+fvR3s++jKEit6AE28BIQfuoXT2lNX5rP6UUv/ZkG2n1KOKnkiT6DsskZREk82m6o5DiXmvgfbD2t2lPDgbMsUSWUFjGpUGCmN8iRBo7n1398h+2fcAvTmgXk4oOjmvtYd2nykSF+vkLXz+nr+9WIN+3rQVrsshf/WEkJxz+xOQy5+F+Zhib7DV9cUDeqTjrE7OJPaPRbi3mwwCQ5hK3uiC18by0xKsSw6dRdq8ujPYK3LvOmoDw8fXPb3decH7uLDM93uruj4g7P9ZjwwDhZ1olNyEGf6krrOied0BvoVvQYinAYblvQBqaBIguDFSckmKtfhVjirvgNXpeOdVv5ed2FwFvXPs0XePSAT+QLWWF+w7q6LNhSXswxisVg/p7LoUoArlPGbmoBAN/0u6y/iLxNlKcrfucTScrTylp7L2Pdt1nWJ+UQglSkqngRsdna4lKyv4xOJoS6s9jJVk6RIoKRINuXXF3LOSRaXTiLgAlWVcVpPcpT1hOmvQlyj7TIdKOMfnrnH11IwTCbnB4/g9+fyd+u4fL0o6U+FVgnOrFXGk6v8Mr4+VdArgHKEP7rK+18amYZEPD12l3gnByxdLCVS63BMnX4g73rnLaWAXcQ3MR37zG4s4VsMNEIjhMeJGyJdyXA1Kk5cSZqFagK+k3HJrY2YlAVNMsovafWEvYGu35XEknJbQFgRAHkhzSXPPtrf0MBwa5NoImSpT1AjKKaFJIUgAxrqq/+wAW0ZbAQs2QxwyMv+5KNHLJHBN3jy06HY2g+dJIA93xmIoH+7VAwANQpPRPePCV1X7IEdcP0gC7PLlDwiCzLvfFXyy17JW9gDP+fjluibSPCFUo8m/9zU0idJ0njZMc0gXGGvQN80ADqIDiJCaYR5v5HmFm1Ln9Iq24BvOKvghNBVzvDwrHjO8Q8y1CxNuAWRY3m3rya9UdrE2fJg/8W8LCdmcM8dn0JDrnQRRO8PFEl/D6YWiCIcerZlK9wahWGxiSA9pGDs8eT0Efwp8T64R4iiaJ7UWTCtg9FMp4JKi1RyMZtkMkAYciG1D3EPYKg2gE5kS7A==</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:00:58,054 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:00:58,054 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110058Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_01451ce70e791126c356dcf32d696aeb|https://slo/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_722c17b329f8133fc2a4f7705f5f8727|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0TdREIwqnGpV1CfbktG7BkNgU1tFdl3B4KpJfXx7/xhWG8Eov+Lf2LC5AN2ZKvgJp/5w2O8GC76Ij3t6xRuU8z+KqDcNJhDA61FfWfs07d1j|_11256b4f3ff2458592d659270acbe33e|
2021-09-21 11:01:34,173 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded RelayState: https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-09-21 11:01:34,173 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Base64 decoding and inflating SAML message
2021-09-21 11:01:34,173 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:?] - Decoded SAML message
2021-09-21 11:01:34,173 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<samlp:AuthnRequest
    AssertionConsumerServiceURL="https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    Destination="https://samltest.id/idp/profile/SAML2/Redirect/SSO"
    ID="_e0b6a8f223f4277ed046064bdc306ecbef65e0b612"
    IssueInstant="2021-09-21T11:01:28Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml:Issuer>https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml:Issuer>
    <samlp:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"/>
</samlp:AuthnRequest>

2021-09-21 11:01:34,184 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp' from origin source
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:34,186 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:34,186 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-09-21 11:01:34,187 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:34,188 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:34,188 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-09-21 11:01:34,188 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/Redirect/SSO
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID '_e0b6a8f223f4277ed046064bdc306ecbef65e0b612', issue instant '2021-09-21T11:01:28.000Z', entityID 'https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp' does not require AuthnRequests to be signed
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  SAML protocol message was not signed, skipping XML signature processing
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:34,189 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:34,191 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 4 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:34,191 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:34,191 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:34,192 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing not enabled
2021-09-21 11:01:34,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:34,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:34,192 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:34,193 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:34,193 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp
2021-09-21 11:01:34,193 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:01:34,194 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:34,194 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:34,194 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:34,202 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:34,203 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:34.203Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:34,205 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:34,205 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 130e51a24deb00aa6e5680ed16a9df3e1375b5cc4d2913aed0996fc4ed64b6c2
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Primary lookup failed for session ID 130e51a24deb00aa6e5680ed16a9df3e1375b5cc4d2913aed0996fc4ed64b6c2
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:34,206 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:34,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:34,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-09-21 11:01:34,207 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-09-21 11:01:34,207 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-09-21 11:01:34,411 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'schabarum-ba.local.cs.hs-rm.de'
2021-09-21 11:01:34,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-09-21 11:01:34,412 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-09-21 11:01:35,351 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:35,351 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:35,352 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:35,352 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
    IsPassive="false" IssueInstant="2021-09-21T11:01:35.983Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ7b50013-9780-4bb2-822b-2fa1cc571957">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8pULio1I+LAPBq5iDhEVvI/i3cz3taJAY3bNKyvs1Xw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
O+0WTEjs+dQVcB0SNpmuxHugZvp12uuSdCld7uWhloxsLg6CEZp1hlAbGOqJpGiHu+KIkZBTgdQb&#xd;
jUcw9PPoBadQTfvCdO5EjpXJ96BzzupzZr/9xpgC5r4U+PcPWzRzCR1ro7VaNu5+cqbmgB+CDc9L&#xd;
0+yp/QtYw9V7QZXGAmQX/hh3jBIcNIIOyU6vI+lvKf6dIjapD7Jb5W4jGYGS4Jtva2BWJsS8Ie8l&#xd;
gDfHXKZkt5Q2lK5AenNw/plo/r1mnm9LOiKxoJWX2CiThtrJXrMXdnwKxH0gDM8ddpPHA+TzrKyO&#xd;
jEZHA/730i8J+nl3gji2RGOY4HYLWObUJFUH3w==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:35,353 - INFO [org.opensaml.saml.metadata.resolver.impl.AbstractDynamicMetadataResolver:?] - Metadata Resolver LocalDynamicMetadataResolver SAMLtestFolder: Successfully loaded new EntityDescriptor with entityID 'https://localhost:8443/sp' from origin source
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:35,353 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:35,353 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:35,353 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ7b50013-9780-4bb2-822b-2fa1cc571957', issue instant '2021-09-21T11:01:35.983Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ7b50013-9780-4bb2-822b-2fa1cc571957 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ7b50013-9780-4bb2-822b-2fa1cc571957 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
2021-09-21 11:01:35,354 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:35,354 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:35,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:35,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:35,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:35,355 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:35,355 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:35,355 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:35,356 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:35,356 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:35,357 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:35.358Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:?] - Profile Action PopulateSessionContext: No session found for client
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:35,358 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:35,359 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:35,359 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No usable active results available, selecting an inactive flow
2021-09-21 11:01:35,359 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Selecting inactive authentication flow authn/Password
2021-09-21 11:01:35,359 - DEBUG [net.shibboleth.idp.authn.impl.ExtractUsernamePasswordFromBasicAuth:?] - Profile Action ExtractUsernamePasswordFromBasicAuth: No appropriate Authorization header found
2021-09-21 11:01:35,591 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2021-09-21 11:01:35,591 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-09-21 11:01:35,591 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-09-21 11:01:39,234 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-09-21 11:01:39,235 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-09-21 11:01:39,235 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@336089405::identifier=rick, context=org.apache.velocity.VelocityContext@243e02a2]
2021-09-21 11:01:39,236 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@336089405::identifier=rick, context=org.apache.velocity.VelocityContext@243e02a2]
2021-09-21 11:01:39,237 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-09-21 11:01:39,237 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-09-21 11:01:39,237 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 for principal rick
2021-09-21 11:01:39,238 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:39,240 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:39,241 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1d7cd9b3'
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:39,242 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:39,243 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:39,243 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:39,243 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:39,243 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:39,243 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is required, no previous consents
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - Found matching scheme, returning name of 'localhost'
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No description matching the languages found, returning null
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or InformationURLs returning null
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or PrivacyStatementURLs returning null
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No UIInfo or logos returning null
2021-09-21 11:01:39,440 - DEBUG [net.shibboleth.idp.ui.context.RelyingPartyUIContext:?] - No Organization, OrganizationName or names, returning null
2021-09-21 11:01:42,255 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Extracted consent ids '[displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]' from request parameter '_shib_idp_consentIds'
2021-09-21 11:01:42,255 - DEBUG [net.shibboleth.idp.consent.flow.impl.ExtractConsent:?] - Profile Action ExtractConsent: Consent context 'ConsentContext{previousConsents={}, chosenConsents={displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}}'
2021-09-21 11:01:42,256 - INFO [Shibboleth-Consent-Audit.SSO:?] - 20210921T110142Z|https://localhost:8443/sp|AttributeReleaseConsent|rick|displayName,eduPersonEntitlement,givenName,identifier,mail,role,surname,telephoneNumber,uid||true,true,true,true,true,true,true,true,true
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:_key_idx'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Serialized '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}' as '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.CreateResult:?] - Profile Action CreateResult: Created consent result 'ConsentResult{id=null, context=intercept/attribute-release, key=rick:https://localhost:8443/sp, value=[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}], expiration=1663758102256}'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Will not prune storage records, number of keys '0' is less than max number of records '10'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick:_key_idx'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.AbstractConsentIndexedStorageAction:?] - Profile Action CreateResult: Creating storage index with key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.storage.impl.CollectionSerializer:?] - Serialized '[rick:https://localhost:8443/sp]' as '["rick:https://localhost:8443/sp"]'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1d7cd9b3'
2021-09-21 11:01:42,256 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,256 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:42,267 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:42,268 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:42,268 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _616ae887872bac75304c8376b42f4df9
2021-09-21 11:01:42,268 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _616ae887872bac75304c8376b42f4df9 to Response _a3b6df0aa29fe6629f1044f727aa4cf7
2021-09-21 11:01:42,268 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _616ae887872bac75304c8376b42f4df9
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:42,269 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:42,270 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:42,270 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxAgA8zBvYnRNlqtMqEJlW4kUL6dSu7xLY1BLySktldaL886wHSLc2lmSXyNxxN02NhivnGf0q/+8OMQS+tbjoJlQIEa8UElheeyFbPe/DkIhx1h7KN9F6t5WpeKs= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ7b50013-9780-4bb2-822b-2fa1cc571957
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _616ae887872bac75304c8376b42f4df9
2021-09-21 11:01:42,270 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _616ae887872bac75304c8376b42f4df9 did not already contain Conditions, one was added
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:42.256Z, to Assertion _616ae887872bac75304c8376b42f4df9
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _616ae887872bac75304c8376b42f4df9 already contained Conditions, nothing was done
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _616ae887872bac75304c8376b42f4df9 already contained Conditions, nothing was done
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:42,271 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _616ae887872bac75304c8376b42f4df9
2021-09-21 11:01:42,272 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,272 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,272 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:42,272 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxAgA8zBvYnRNlqtMqEJlW4kUL6dSu7xLY1BLySktldaL886wHSLc2lmSXyNxxN02NhivnGf0q/+8OMQS+tbjoJlQIEa8UElheeyFbPe/DkIhx1h7KN9F6t5WpeKs=
2021-09-21 11:01:42,272 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:42,272 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:42,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_616ae887872bac75304c8376b42f4df9"
2021-09-21 11:01:42,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _616ae887872bac75304c8376b42f4df9 and Element was [saml2:Assertion: null]
2021-09-21 11:01:42,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_616ae887872bac75304c8376b42f4df9"
2021-09-21 11:01:42,273 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _616ae887872bac75304c8376b42f4df9 and Element was [saml2:Assertion: null]
2021-09-21 11:01:42,279 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a3b6df0aa29fe6629f1044f727aa4cf7"
    InResponseTo="ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
    IssueInstant="2021-09-21T11:01:42.256Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_616ae887872bac75304c8376b42f4df9"
        IssueInstant="2021-09-21T11:01:42.256Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_616ae887872bac75304c8376b42f4df9">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>gch0YrQ3ilrP8WpqxHuS2t30oz7UbGXAAyCtqDUW9e4=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>Kf0F4enpj23wSnP2Hbv7fGip1kGhPl1fgccUcR4X9B83K6GmLsdAo0V+cMEiDsdVJIDUd7mEoFUpYK+Z7lADOcBeCyRXvwRDni7oX2I0j5DRWlRws8e5GSpwtJZnNl9qFsdzE4XBEoQn5BbvO+beC+vnLDntfa9oCg0+ZDoSBkIG21MFRT3nsW5J+73Vfnzivykh7e6RKYDrHd4N7a8ZEyAfpc3INyxqg/suY366wGfdRNDiol5eSb+xW/VjVLrDUdsnjCwmG6QbI+oErjtwLxALug4F9rl9jmCpnU/Nqs0OCwSQ4g80NZxgWlR9D8Li9xm72/gmP4L9z9FHJ/R4fA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxAgA8zBvYnRNlqtMqEJlW4kUL6dSu7xLY1BLySktldaL886wHSLc2lmSXyNxxN02NhivnGf0q/+8OMQS+tbjoJlQIEa8UElheeyFbPe/DkIhx1h7KN9F6t5WpeKs=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
                    NotOnOrAfter="2021-09-21T11:06:42.270Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:42.256Z" NotOnOrAfter="2021-09-21T11:06:42.256Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_f90e1948d753093727290d57ef250c9c">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:42,281 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,281 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,282 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a3b6df0aa29fe6629f1044f727aa4cf7"
2021-09-21 11:01:42,282 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a3b6df0aa29fe6629f1044f727aa4cf7 and Element was [saml2p:Response: null]
2021-09-21 11:01:42,282 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a3b6df0aa29fe6629f1044f727aa4cf7"
2021-09-21 11:01:42,282 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a3b6df0aa29fe6629f1044f727aa4cf7 and Element was [saml2p:Response: null]
2021-09-21 11:01:42,284 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:42,284 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:42,284 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:42,286 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_a3b6df0aa29fe6629f1044f727aa4cf7"
    InResponseTo="ARQ7b50013-9780-4bb2-822b-2fa1cc571957"
    IssueInstant="2021-09-21T11:01:42.256Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a3b6df0aa29fe6629f1044f727aa4cf7">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>b/iVfihhDSEzJUGQreydBgw1rft0IaevXjXs75EPYFk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>StDMjPJtRsTBEBdsVMm3c0E+2tlXXgQdopHe8DNrJ4/nKBNCoQRQLgIUrO0e/KNhXOgJad3cHKcaDvHWwDYLsI+oaDPZ99LzXhgA39KSoGIOGGbxu8mxfGkRSSHW+HaQjcZwuMsjOvMD8m2x35jVmXY21UGREH60JAHiG93Kbjd63yEC7QF2g8x/VYSJjKcAlCL7X8ujBftL1JTp9ZAIVN54mmZtlNeh1gmSdmGBOGfP9mQLuBKXRAnVmLdihngUBMxmAETXW/HnpRI8lyyAv1fIca1rdHnhpQ63ukFJT1nIHfJGS1zhl/hvZKX8S08LkgoyRKBeWiOKgJ67jeUlPA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_7edd472cf38a0b0fc92c9b0214ec3cd7"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_762fbdd7a644b1c6842d8213f63b727e"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>Cq0dV90ATJZAkZA11GyS+Lq8SAxccz7NQ54vId88k41fDbhmtjMOSdoT+Hriv4T7pLFgdQhrtLRbEZHySqD7lT4GHxhBp20vwKm/SoKWAVbcoyLxH3ouQubj+4A9LCKCP/A/7W0R46DXk16fqxBZKPHWVmMXgFDrEUWAOBOzlxHyrk2Fyu2Z1FX3v1PgZ9FA8DdCsYumpGIB5/nCW9hAeLMUJJHAu8t+sqiV58WBngXsBL5ORIB4Ib7hkeAlLPYLuX+/GMwovgWYiGiwOS9lnZR4jkexQNfzwIHuB8eNvTCqH3cDwdG4ExdO/QS+Q00HiLGhvX67vUEN1gz6OscgEQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>c0wIVh1CPTwBDlJTIKu2CXOEaGWB3R3XdoXhFchjAVPF4CqEdNoiBoxT8sT7oeUSD2GcggXSULNCONfmY/7Z46DPNRCioSVRixL3suPfLpidumTbt8dzn+OuLMQPuPESNCX1BaWVnMGSHLCUwe/3976Bb5Wik2ht419clrlHLXErH4SehuGWZs2HHM6Txxl6fQOPWOnV67kwl7XPyiW9XPFptRN2HqrTtdHK1l8F5Be0DcQKer71+UhfZiR167EsnPxKUZovUo2UW4KGTQ49912om6Vm/m+OOeEDVwJnd+Ovve5sGnu5H3ugEZ3X3Kxp/4fj3smF9eam+ZT1ZelCPDXpSV+cLYLZRJLcthfBciEUwXdijq2oQdgTVwMZVW49Kfj8YlP1YSSFz00z7HHPMF7VAfuq1kblPZUykSFqTygMLgbr4Wt/6zyYOWzox5AP+nsxLG+jSZUDQc3oQ8fdw5izZaEm7ooIAKD6/YAItaa8yqQ+g6kebJjdimCMwKTqANKMYv5PyF1vpIPcdhseggAMbxQgKrKr/V+RrV29PSDTQdJKNzu4qGN3acUVdOEniK/qeLco7C0lzKr0nW6wMdKMghLKd2hMOzn3/x1FYihd/TaEWp8sOBkhpkBhBbGAju4OgUZxarP6kjVIDfXUWgP1vJCFQDGkMzrFaZBMzS6YPCMuF1XvwqwoU5LDGiEbdopkb5L2oZuDxkX56if+srWMBG5EJLp2fXkxa+XRdLfABUe80ElKqJgAe1NHAFdQBGT2d13pqAaS9lN4F785poL5BFNrLJRORXQwL4WgLr8cR1maRVUx0iwjVptGugsiEAAFivYKXVAahdy0oHHXhbqFMoD+DKV0oBzntEYUcw7g3HDwVMXTm6X/wDMadYI6rHEbF/hUKySCfESGD846CK4Q2oRTucJfGXdYwizZ5SwOvTCnNc5c6y9JuUiKY5tOKo8gyzR1Z877CNsNGDp8z6gkdzV4IRIaYrYkRWI1CQcjJNk2mMiRCDAzcJPBnJ6W05Jjdh81H3GwTvVDrs9bPMlTySto4u5HXL5xGTvOTim4Oap3y20PltiPSGElJMzoCmVj8dn+7Q5+Zwwsm0S2ZAr6oUDr++TxJuycB2+34Vv1R2Ed0q/aQUbtbEstwMIKf0/DaelAdVUn8LhJ3jKWlMPlhJH76ca3aueyacw+9JgUTZzvhplN+F7y/litY3pdGQnsYmpq8T9jxSIwe5hNEPlDBoYgjx3vSLAYbmdtmxOqfGCtGkYDUEqA6+PUb+WuAsiu043zX/fUjYjy6u4oXoxPV36ymWLsLMTZuzfH/lgeJmHEPGNj6wpXNJje1iDsDRq6EznF7myONOLJ5K5Q9U49i3A+cTw77eWWI5K4ViPVCG7rBwqggvUJAOwF1mtO1v/TMFjIiA8qdTlaZyf5yVQApmEzF01tu1FUQhUk6FeE2HWtVJ2xMPrcNDtToLPe7Ium3mpSV6kFdMHtQ1dWcFNQp48oFynY8JbHGN9V8lMusw7q0sgddg5HgMH4XJCXyLwi/MlZMgE35aonqLPuYPTPIGXC3AI5n6NdRJmuont7+bBrixWg30fsADIaWEofI4u9YgowLTqFmlm/j8dFRzi3409+Y7abIKE1VvCIixmMVhjttkK4CjG+NqBfK/TjG+DQepP0GKuDb+TaDpk3cnN8mCQR+e5+pJPLndt62KpqU/33TKN59raN/PhKd9jGO1QFpUrOiYhEpAc1gjxwyD8v6OexSuJB8JUGSjI+nUrBmpIUakDQcjKMRtp/VX94Xl69oIZfqOB4Lua1moh820wIhmtY5d6cugHF7DIJUD8k/5JZ91MrY/fhVGmIoaUfXaJzM3n0z3DyTTReHgaM47fETJRYfuRSmHNo99EiyLsr1h8tpCLkxPwP2bXPJdRBQrnfn+uU3NN1V976mhVm2QqQ3pQ6KYCeauFbFPDFTs8DXE+o+cPIkC2QbL5L3zCKleWeU7i6qeQq+l2dsHQ+v6Gb2QWCjiTNdkqNs150z2pr2waRbiRYsIgBfglEJQGY6knTOgiqZmyd2J24f683sfW0iyZCtSV7Gj9GpUbP3l82ZMbqFK+X8U+numCvLJtSPhYvtoMk++wg0e9AMCGk9g9zsCkbiof3cp9DK3tuW3rAgDyPKv3IFR94E5avCMF216p8VTS7w4vAZMiztKpZukznbytolzTl4tIcAUL5SY91E6d14WAdktcpX/EIwMuv/UiqvZw2KKqnZ9TIuMQ046GKvouc8IAm3aTWjJDxO4MhNsfM06kKEcjs7EUFvye95IOAasuHlrUCvF1dzr+lb9CiYC24Elq1rwdyMdlQEKyali73GgDlHjZ8eE9yYmhBjj3/BSH00UWOi2mKQz0yGyTGfTJuUFiy+sfMCtSPobq5OD+C8EccO9Bu+OIHylYPxthnPfdZSkNefyK5ZbPLRRy7DNhWooSb2A4HPGWz57Fau7N+VbkBZKSlrdiW+7BoPsXFEEk3niJ7Vo1s027IRygNvNQOxlC5dHrcpRnUgIxJVKG2Vpg+qqc/JJzEDWy8PgN5K7GQJqgFVpM25HF2jgevaTee/Y1e5IxXdIAS2Vbairj6aKWSjRRjxs90I+EBlIwKGSUBfROpv751TeB7RJzTNi4X2Hm7idSx9lnjBHkQt9F0mxYO3d3ATaup9CTR60gYDFJOugZF0mQY8fPYdctmw2mDgN1yovYghfrQP7jwdNe7WBibDr6zLe4fQaBFiVidavqAadxowrd5Ll4dTwjlVr1/y9nPcZuB1bswqIHr41l3pTn3uo0cIsLG7gGDal+0hGwCrRJOhHoKeuugXv9U8/+jcBOiiUoTQ9/yb9FWLQlxpVeevzbUCijf2HqVYEv9+3sDyd8QyPSPW0wTaryeTNQ8M4pZD/t/x0fxqlb+LUzfri2Kt5+gplMvsEMrGlsk8k/tJTCZsiaUZBFHUea9tGO/1c+H+vZJTe1nggi8U7eSdfWHCDVkJ8RC94Rft31V1nolUgd+s51NdKVOgwiImJUU89jsYxd3MBbl2VFl7Al5WG8RkrgUoKtMbuBNYaW/WO5wmVU/n7GqvXDIMNXs6YMQ6TuYzXu7yiTJW3ILHKH82P4u/cYA1D1w9yWetH3EBEI0QFuvS6wd6hqW/YoBcMq6uu+k84+Hf2eJJUB5MEav3mkC6HrOLAwQLHz+jrQ4pKW/yH/aKWxniGXii583ObOC63t5rAbjlbV+6ucwWenWG9xZzOKRr7VzzGus/QuYHujcte7lVAby7hTZ4sm41IYqTh7waG2dFmom+BwSzvSSLBBIt+otBrWcdI44CFHVbsEUaiszv1sWGDfZ51rBAYEtTl0ceeq1YiV9b6ZwuMHirO0JX+2D0/rv+WvDa7JGVbvqlTDTQ5rg5Hp0uRsRZRKCmUcNKXgRFaZ44MbjuxoHzA2qiLR4v2+1wP2dkp+JRI1XAJfJFv+IbEpsRkvvWrseqYIs8zpVAlsdXDwcMiHeioVCdTF0YAwjyaeDTzPwviL7JOCJMUv50YhivdxzZFUDiEiHgrOfgROzQzdIAzfKyuknxqbYNWYoVnU60FykMKUK0VScpXWbesQNN/cdadZ77RtAxNyQ/SvTiPebdsSkuvJlBTXFYXR/QkUQ59jFa3IbAcPWCuiEdjjKMPHptamu1GQoFbR0KlgBJvFRVFnnrzpAYH8rYsO/5t4vbX0j7RVHaxDwyFJJPrmXau8FBFrnM1l5fCSNL6sTnpd1S/I2B9OUb0XOHRA7cmxYifHcekQsRimcBJ3OhsnSsvaKzpN8GlFOaUZY710YVSRj0JpylZC+i59L4/HWR0c4Y/UFbuiBEdStFaOq9BGpvSlZAYuwe4OX8SRZHgDpNKiP4DbBvzFZcfDTAhHh1+kyF7BKxoVxf1+sBiJXPyOiUc03Am2xMAbT0QgslBVqRlceS2k4ujqUtWJ3MUtx0co+xnKv8HRQaNeDg45GaDwtPi8FvDXJG2z3dSnr3z/0DwmhZMyTW+0LGl77hYKexOdHV1LthALKb3XzrFW85Rzygm8E0LwL4nFG6/xoSCd2u5er1/VdyuiVHNS++9WXgAzBO7RrQQmtTpIMuWQCTE6EnSbjMJN3tvmPFFsn7rXh/tb60y/CCuQx0hGNFIGtVu98B3XINYse1WwrZI16QrI3AVC5wUOQuSk6j90ovuFvdaNJrezSkg8WtBNG/yvYX1iWLavwErNrRZKOML6aEuGr/mwewPL9p3v65C2ROJEx28NdAVkMs8SPPhUwinCJhk2VIXjmJEMwcICJ3BOhztt2S7x+WCLntjEOaQ2E52f6HR5V06eVlRxB0yyarzIvgTASoJUsWcaI/Az8UqtrrJQUaacv2xEZLcmc7ymOxoqKXLsBkHat0w/QLADLVYbSuywUYJzoVEa1S03SMh+hHv4Us4aU4kJcf4+MUgywklc2r+ItMsnznMeLjD36f4v0Cc8nXOEFBuMltjkJDgsmIn37u3yM5RAuOo4nKLD/7+jFfWpMajGKWf1mQ7SIoeIs4Wrp351ODwC5sgD9GW1JoIuoZqmPNpB57AxX9/C2/YhKvNE88JgoU6BzT95qsiSaHouKj9RCXmJU8ScflZMofZqYddt5OvtG9+K3Snhniqm9H7C16BUi2APoUQmrLaH3s7n7DU9+o+KlAuch4Wy9MBb0NyEhXfZDpB6pnT1CY2IwpIfZj5tP6rGcIV1SZbxOYx9p0xt5QUfTcMOMkAd+vwiPg80YiVtm0MabuGv2FCBUiWCNKHyAI/PZfs9NK+x3BKccxv1wMFiErhlGCe3uerziCu5ZczPzgLGsqSkl/DmmtaY/ibEvEDCZeuVqN/dDAYDb0ktDOepXQmusjh8OELg8SIs1YvEu/YnhQwYLpl9q6VJTdqWAX/uCk3A3kLF1T3RM0DQtVVL0WEnW34cSV53U9LVb4hai08RvE5Q8GQalGwNxtbXpRC9kaprQMrSgyXlrvmB7VN4RwWk5bXGYJLOZAFGkV84JFYpiJMlDA0tCiHtSNqtCU28aPQrqnRd3PlE1gtvTi6JUzFiGGa4R7B/XhKbjWC2GCIO/AG5J76y01Uvmg7MR7ThDkLwscBf/eF4AoYbek0S2zSLhjP2GSEU4x9FhV30H9hJG/LRGdb/kBdcsOsgK7G+NLlYSsQsE8dvmZBDj/C7vXn3OfBRoV8PtIXHHvXg7uUdQg+Jg+GmRxEP5WqxHPnNVzgwzVjiJrGNAM8AT5p3cfGBT6VyuEjD2v94TuBfCQTUGUW1XtAc1y6HM5ddEt9F4iTlXcutJwiSW+41yUYQmavWRWv5P2LJXUz3gRUaOD/H6UiYYg4UzfeI08e2j0uaVUMl/6MldtuNzyDUdjdHmyBpdDvPF2ayBWL5ej1pL7KJ/kfV6G8wtlLoyFmuggEt5SJLrgN48Ba9pRC+4opiaAPYaabtSisr45IsVy4yX/8DAwmY24No2HgxY0tMMExorwoFJDs1KHpOdIum3izCxErZaC3RIozpA6lRjNIa+i632cXEh0w8iOjJ9PloqhtmiQFcOfSWf6ETVWQfwRUJqN7W+RZjOdq0x+4xkBK4XmfKm1WgqRH8llVv3bpIbdSVDn1NbdHYKLlFnv9rvs1T3aX2MluC4Fgp6Z1AryfNmVdbwYjqHUu3Wzhe6BswyUf39CQD5i3Eo5POQHFhpL+s0SXqCr6X46IzJ+q0gW4yun4xmavkUWo6H0IbJRb0BKZcU6veccugJe6LPMjwixDtEf0QDlYQg/thprAYAyRtuvg2Dl+43exhBlHLcPWm4VBdj4KyQZemA9412C/WiFxGjcf1uv4JxE7aLrSnrWafJZ+vpAyObzaKycfW6gvV/5TxsOOKF+y0x+1c1awLaadFA6gM5Rr+Y8UNcWht5o4A1pMC9tipm5kj3JP8dZbh0ZZqYWJrIhawfVyisJENTWMjbFNkKprWYiTshzq0tPb3vVfCvakd97hRZ7kz06ah8WWG8Yh0C8o1XJ9+BXdsiB2paisbCw1UyOiz15vay7XsuwNL0GF2lT09+XbEhCa13mkl93QUh6TnzvhsexvtRA781RcdkEPuj2lU20tqTeVl6BnHbRd5S63rLLm4e4ZlSFOX4YCTA+U7/DrHl7/K9DScbHtIkp/Ap0tkWXIt8Ioo8xx0zCVfeGjuKUtVbKWs6BnAVkrrBfTnXM4DjwxZaBM1ejqWVEWcNTbN3f4wsp/x18/pZ0oS+9PITbVj4WKFiNG3oEZGfgW0IeIKEUb96+dd7PGu08vZHHPp0cy1ADPBN5FQf+36ReQOJlzCI5yokM1bVkYq8ek5KUV+PKtd7YG4ZhQZjq7syh6dLSfunjSjdo+OcRhfXB4KupasUoprP4xog03CeK2bKWm5XuineAxy6rAoMveToKbON6uTI5kE1R/RYU9k/L16bAhrghAl4wV5UsqtlPI9ZzQGxLl5zjjPEIXf/L9QXb+jqTmoAB3sIjTGaZJ3PwoUfdrhMBpPyn9DmbdiD+Oy53I6fMVNlyI8ZuGDSs/e9Z4bZQT+t64ujy+5OPL+ayYC2EBAI5bwKoLEeQJdd3sPiUg5zYXJs1wprMyCDRkbnFxapjTRhtWzp/v5AFRCbAtT67WWXhOhfVmwk9r0IxWoR6yPOtCNtxpsPVCdLdQ7IcuxsTAbRR+bIG5Qljkj3Oz6EQ91PKW6NUDUbRVZ9D5zLVMKkUe8kgleRqah3PFopV/Kx99/msLasBzSSF5j8oBkSOe4g64s2MI5R37wO9TFP7ZvoP7pa6QUYy4x1AJgqjm7QnDRZUYM0xq34gy+ls8S9KBydyVK2JDFq2b4vI3/gleSd9cRR7JASzREFPwm4FbZRUICmtoBS+d4l9f8AbqHxDacSd6rNxWLoayEH9Lmm8T5oGwXM04A27hdocLv314LbXcwVgjOLhvbvhy9Ep5H6MRK4UWA2U1ZkJl2RlzWnzQOIp++1zGQIelvVIZ2dDs9+1rO+Glx6MH7rzP7ipQEKZ41UcuLIL6zsCQU7G1xRr+cbOZuExPDy4bE7keFALelSZHThYLnp6FV8hKX1RdURV6jM9mvT/zHT0TkkTCqzikv10U7Lhj6ZUUTtinLQg0hT1wZpa9R+GFCGH/8Z679aMSw94tcD0Et033s2DvgJaFpQxQVzbRW/cguUe7FgN2W6ndiU5OFtdVzXLgiu8hgsHIhy9p0zZzKAxaoBvyyyOkVP+WDp8z3JbAKbpoqw4QEo5lvwec3VorEn9pH51QcrC/GrgNun3mVcljWK1wqAHX6uOPx8sm3WjUxAKwp8QUajYJOZt/h5OkL97oncFVMTSEhiiZ32HnBMCAGQdg0cAw3vyzNJIHRDAnYlRLsHfd+PuNx4cFcW27j/RpjGhdaHlHZ7ySMCS9FnnNW7qhJrJ1IodN3Ea263zx53z+t2gyLw/wjSNb9gs9G4iymCfOo/+jcMdl3P20T1LxRA5AwF2MAbuD0X29QhrY9EfchKyOa30BsrvKAVGsQCwhBbtiTVPCoAd52Q9qbjNDI2523O9Rzz8cJLGnLuX2awAmCAzkBvwgigIRd8v+a6vg8PPDkn6NsuVy91Ib85zXkkKcVbpXbmsDZffiCPURgKV//zs/Z4qwylfPSpYs1xJMg8twInXS9JqrGaGFTIv6BcOi7O0etKzDd8NRGaoqreDXOAANNhvlJ16H0VOHQvLza0n/N0r3QH5qIgPNNJeXP2ctcgevcmvQHNq0TXQT597mh23+DUC0oVoQQ9lZo4+Y2ZRrrIuc6gFPex5mJ1NmKlHUYFP2gYTFKG7+G8O3w1XIoiKWWfn9IK6pQIJOqfxBp6PttdWpSUnZnDzKlzkA0T5FC/BkHbmi4XVHx6v2uT77n36cFwYGQE/I2Ta38itPLZA1cHIBmPAr0yo4SAMhKCKc51pbUiKmpdDUCXXyoMIYWPrhfDZCH4nLfUh4jjK7K5MwJCCZPkvNZtELqK5tVpOuyaiSQIRWcyUULspPnlDJsTm+n3yjsr8YtmfEtiD3HMtK9ySQVuBbAVVsZ8sCDgi1R3wVDM6h/+xjE8ovY8y+UP2wOX5OAUWNmWAJhCWu9qogF5A+PUQ41V5FNCtQ0vAeZmnPJjmGwOIknI7+QtW3e5uK3mbWC30RlMSp2ewO9hG/tPaicvXBanUlpchxKi2tzJdcyqjJ6AUIAc622No56QYibSSSdOEAEeLg0yDEeSBiyrx9waPHRMM7a4JsmEHmOkVS89UBhHKsRqWlzNbBvPBDzR/zpuVMaFrWsYUAgTSbshOCE=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:42,286 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:42,286 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110142Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ7b50013-9780-4bb2-822b-2fa1cc571957|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a3b6df0aa29fe6629f1044f727aa4cf7|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxAgA8zBvYnRNlqtMqEJlW4kUL6dSu7xLY1BLySktldaL886wHSLc2lmSXyNxxN02NhivnGf0q/+8OMQS+tbjoJlQIEa8UElheeyFbPe/DkIhx1h7KN9F6t5WpeKs=|_616ae887872bac75304c8376b42f4df9|
2021-09-21 11:01:42,603 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:42,603 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:42,603 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:42,604 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
    IsPassive="false" IssueInstant="2021-09-21T11:01:43.273Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ800c7cc-097a-4687-a974-7e1ba814a6c5">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>xnZ3AL5WzZTVA134pfpLFTndaDwoXAbw3IaulZvZL2Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
hb+6QAnUOQr9jdj7/dP/eD8NDWRf1rVuHXpM6UKMeLE+O90F+nTaNUTHUkUjfKPYoG3ErwGGUcwk&#xd;
VjmDSSeqytD8YkH/nS6iiMddZs63WF1bEzLS64iHz/6gIcRpUc4YZFqJn/Q5qhnWe6aqOtGBe80Y&#xd;
ZSMMYFNh/kEGwixw5yLiCNBoKynuhAmIvsDHfuJuAnDl1kv02Nv1dY+zM2aBoLbdwU6ZzFzHWZX1&#xd;
xN4BN/GYxihO3wWgAXSjK27GTltbq6a6K3FZVo/vniLrkZIAZa0oqRzLZWwKm936ur6bFc4ZL8+4&#xd;
WdpuhraOeMM9vQ82IiPmDAvfLzAAqEYdxvclmQ==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:42,605 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:42,605 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:42,606 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ800c7cc-097a-4687-a974-7e1ba814a6c5', issue instant '2021-09-21T11:01:43.273Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:42,607 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ800c7cc-097a-4687-a974-7e1ba814a6c5 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ800c7cc-097a-4687-a974-7e1ba814a6c5 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
2021-09-21 11:01:42,608 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:42,608 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:42,609 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:42,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:42,609 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:42,610 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:42,610 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:42,610 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:42,610 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:42,610 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:42,610 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:42,610 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:42,610 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:42,610 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:42,610 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:42,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:42,611 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:42.611Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:42,612 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:42,612 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:42,612 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,612 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:42.612Z
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:42,613 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,614 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:42,615 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34e37515'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:42,616 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:42,617 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:42,617 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:42,617 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@34e37515'
2021-09-21 11:01:42,617 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:42,617 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:42,618 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:42,619 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:42,619 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _94e5d471f0060356145b8e51945cbec0
2021-09-21 11:01:42,619 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _94e5d471f0060356145b8e51945cbec0 to Response _3d8c49071b76ed885b570b59a83bc503
2021-09-21 11:01:42,619 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _94e5d471f0060356145b8e51945cbec0
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:42,620 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:42,621 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:42,621 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxRy+vYrRje61wIPN16AbXowlk7DQ0gXKav0shkK3/7wu4l4j4V0ffIBuPi/y4q9cXGVSTnBb3L0MHsnE31yB8aN6uRy/CBSP2bik9t3ngYuHNAAjuw1tU6o5SISM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ800c7cc-097a-4687-a974-7e1ba814a6c5
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:42,621 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _94e5d471f0060356145b8e51945cbec0
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _94e5d471f0060356145b8e51945cbec0 did not already contain Conditions, one was added
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:42.617Z, to Assertion _94e5d471f0060356145b8e51945cbec0
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _94e5d471f0060356145b8e51945cbec0 already contained Conditions, nothing was done
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _94e5d471f0060356145b8e51945cbec0 already contained Conditions, nothing was done
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:42,622 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _94e5d471f0060356145b8e51945cbec0
2021-09-21 11:01:42,623 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,623 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,623 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:42,623 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:42,623 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:42,624 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:42,624 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxAgA8zBvYnRNlqtMqEJlW4kUL6dSu7xLY1BLySktldaL886wHSLc2lmSXyNxxN02NhivnGf0q/+8OMQS+tbjoJlQIEa8UElheeyFbPe/DkIhx1h7KN9F6t5WpeKs=
2021-09-21 11:01:42,624 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxRy+vYrRje61wIPN16AbXowlk7DQ0gXKav0shkK3/7wu4l4j4V0ffIBuPi/y4q9cXGVSTnBb3L0MHsnE31yB8aN6uRy/CBSP2bik9t3ngYuHNAAjuw1tU6o5SISM=
2021-09-21 11:01:42,624 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:42,624 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:42,624 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:42,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94e5d471f0060356145b8e51945cbec0"
2021-09-21 11:01:42,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94e5d471f0060356145b8e51945cbec0 and Element was [saml2:Assertion: null]
2021-09-21 11:01:42,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94e5d471f0060356145b8e51945cbec0"
2021-09-21 11:01:42,625 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94e5d471f0060356145b8e51945cbec0 and Element was [saml2:Assertion: null]
2021-09-21 11:01:42,627 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_3d8c49071b76ed885b570b59a83bc503"
    InResponseTo="ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
    IssueInstant="2021-09-21T11:01:42.617Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_94e5d471f0060356145b8e51945cbec0"
        IssueInstant="2021-09-21T11:01:42.617Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_94e5d471f0060356145b8e51945cbec0">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>lyWpcmkY0Wl84SpCkGbtJdLTevLWE8JOqIjdfEskiRk=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>KECZDTBxs5trPs/iokWxPwuUSjagzD7ZwR4mZIQZSR1Z/jRzVIf0rCGcq9+DQZxFmxRQA5t9glCtvZMttAiNVmxpjWkTT8k/EL+xMIX+CvSNWLHCHuJ/Pxcf1F+s6W+gEUID0e/+igxsUpK1/oPDZERewyvUF+/7Xz4J8OY6ZWHT5ZPL3X5mmrKtKHT985+AbwaQpNKj1FzZ/kThcR5DADNw4OVsNMEyQFohxZ6t6vFQTlHImjbVpDtcT/8nGwGiX66DBarUZjjaNG9FbI7Jh+EGAXH3kHow+AAcqpxx/qt60E4YXP6tXjOlvbcLoz8ucFYrZllFxNZqd65Wce0fKQ==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxRy+vYrRje61wIPN16AbXowlk7DQ0gXKav0shkK3/7wu4l4j4V0ffIBuPi/y4q9cXGVSTnBb3L0MHsnE31yB8aN6uRy/CBSP2bik9t3ngYuHNAAjuw1tU6o5SISM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
                    NotOnOrAfter="2021-09-21T11:06:42.621Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:42.617Z" NotOnOrAfter="2021-09-21T11:06:42.617Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_3980366b29f8baa200269016a15f8e12">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:42,629 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,629 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:42,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3d8c49071b76ed885b570b59a83bc503"
2021-09-21 11:01:42,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3d8c49071b76ed885b570b59a83bc503 and Element was [saml2p:Response: null]
2021-09-21 11:01:42,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_3d8c49071b76ed885b570b59a83bc503"
2021-09-21 11:01:42,629 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _3d8c49071b76ed885b570b59a83bc503 and Element was [saml2p:Response: null]
2021-09-21 11:01:42,632 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:42,632 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:42,632 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:42,642 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_3d8c49071b76ed885b570b59a83bc503"
    InResponseTo="ARQ800c7cc-097a-4687-a974-7e1ba814a6c5"
    IssueInstant="2021-09-21T11:01:42.617Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_3d8c49071b76ed885b570b59a83bc503">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>zXmhC5edT+64+YG8kdAoK7WYCI6vppufqWhojvwiT38=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>A/4tG7qj/f33WRqFkrCQvFnuzYiy920fu/lH1btz9PoFpH0NQc2KOxtFaf5aFd1dWiJ5TOAzGjxbok299NyO4GRdnh2+fUFxcVTxmZU+tv8WYkzqYhPgI3WTUbNJN0DQJY6YTD4bobuUpChiK495CTU6nCd+UbZoNTFNbBy+iaI3L4v+OrkwqUM3MIchsCBcYlVMdehd+KERItx9eymAGQvnuu7Di27tcZINZs8quohHCsbRkfoQf15p8rq/DhwFZi9xfRmN/19Y8NSKtzyme2hTWIKIYLFpNM5TgaR6p02uN+lbjbzKioldjLROIVbHXPU3/m+aq12gJv9HA9jQrA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_47975e2467196dc498d28e3ffe1c1eb0"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_7638419ccfbaa8cf2ab773ad5c74cc6c"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>oThdGoPfhux4nmQQQGwL4t5ChAj62rw6gTkcTkV9Ud3TPLkkIpb/WJsQ5xcOWlXb5J2mzCb6Q+6Q2VJsySkIxOD9nT7s2WA2xAotTsaZGuVqjm5PtswE7fBD7jwme4CXcI64t3NpORklwIaX+h+heKcSa0n80Poj7SSNfoaXCzXLoDZLXyy/qCqPBOjRilPwZpx9HqZC4Lh6XmLJv0nqCqqFtcNytFjB/cDyCwZ+pB1f6ytEO9Bib3DP8Bra20J3XTpK0nF23n3/rCCQYyOgoZcCmoPZGdLVy4uUjsDxAlgd2AzH299t86fqBBJcH48m71RxASMO9MtUfhkxHzF5zg==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>piBBVpXASIvx0oyqsXLd9Ei857Xh4OgeyIGDwGBAlMF9HsxCq99BnE13F73e3jvPkoun//9nNq+hlW4LUma/k3bV0vkqU5YQa8Eu2479buEYs5174n7kCDk/zJv2T4S7lBnBAqPDEyfUDSlqPw/ZrhvyEEdxKa2HDCyaKZ5rxSXMwRUOt2wBa8fJConoXxnRrwAdRkBb2cM1E5Gdo7SS2OeYLL+589m9LX0XDb8V9RWw9eKK77lLH8Kxr4bTtMD905U0of0UHklpYlLgqSHr/FzoTBMdPPPlKuymhA5CRjyHC9pWZQgiZZx+MtmIr1iUVS6u4D3ef7PX4Wdou7YW/8U4uS/KIeKz4YynhGdXkDMMoAg+9hgU14D8rHs/b+MVKFcZDtR2PawoEJTzsR9OuQ6RPJzOObGUGf+2sC+lnTqEaEej4XDPTJWuA6whqLCqB6N3aLKqlBsWGUBsIUnSC+HiAz0pW3agny7q3V0PbpQz2xe2l3wKP4M24+ef3TwwPQsrnP8WSeOOUDwIKnBVuFVs8HoTNmq1CJUFgQHTAeQ+2CD/8QUBxXMsUHBtcArZOXy7OelMkSduPYa9qrhv5hw8nHyM7zbR3widLd7NDFVhT/0E4srhskhW7pULI8zU1ex8SkYQVQ8ApojZu1nBOollaugbVQs32PLVMxDfK42Oj4Yzx6j8lCPCb+TVBSaSmRHq8eKWiL3brKWv/f9OYzbuepTUVq7MszPyGBbwIRptvQlFLtvla/uOOE3Udsxu4t3hdAXJrGUtofUBd3BM27OFP1KEM6ncAPJ86/lOs/n4fBQFlmC3jg5/b+GU7QVj0cGrW123xx+Vx9XWeYJ+9VzkKoVjbx1BqxN911E+qtu2xeJBLAJvDs8dsjMwoy9gxUStPXIjEj4ULXL+5vY3tip2J/2+7WPdMODh/2trNm42iZvZUglqkvD7sEY2F5KuOrfemrvSt5etpICnqHkQB3hQb6CXWRXYYCsXpl/OC1ghgr4w82aIA6pNv8+a4MX50DwqtpOiAIgzoTo0VF8Qu9iAObGdCptNSVtdjb6Q9iYw4xtemrhW6R7OJL36f1FdYBQKGwIWUgOJwvdiKRyAttBFKpd1y4be3GsOBNxj9yr/ZMIlVHJrQAOvZ4KxBmKmyD6b6hN24QofE+hN7kBfe0pzQXvATk5eibdmtp/8IfOFELfqzL7P3X9rDujrIhct7WWyzasKjRGOm4cm2jM+cOqlFbN9vqT/wQPuzzWhT9QgJthmZoImM54fYAW+c45o+b+sHL718HXoHuzggzTQd1g5w81Jup7m4oTIKBKvo8eaHn/iJwQy6pvOJOslUmcI3/3Zb6/QnWNBiHmaalX3lsOxbXNseKCchs9qRo9C3y6kRqF6lVB3kpj29LFHZQGeNAYjc+ioufwWoj9+PxweQkSc9YdnsKwMWcbhGH1oLf82Z1aUxr8xAX5xyH7LBmk7nIR5lLJWsN8fnJ0/9sigeu9/AxGyUZ5HeVu45tiUBa2sPHvmStNDHWLin+yYiDj6tnrTT9WO6FARKQdR1r0yf3kKsFCKdlWJr+xXuXZIjTNPrzDVzdOvv8NPYyuH/Rg2uYS3gAcI8b3gpDG37qSBkitgHaIqrybjxB210EvN0/A6MpshJEzYKUKp2cyqKsfk77Tx3Gh0ZZbN7hBLCxmDgvNg2DqfsI3MSHofk1Tb4orShaKhezvmrsrbntZYu/LC1Dp99nl24PNXlj1DQXTeXRomq/U7EWxuj2xsMvs2yV7bMbrmnVJgV3sMCLhugbemChOJItIhixYTk2gWdc36u4G/GKalwMguS9SblWR8K15tF2QChEW01MZU5iBkJoNPiMLta3IEQjqEJiEtxBTTkywZPHeRbxH58IMar/BA1+H97zDW7W99m6MksHOpX7OoFm9uYuoA6Gkb4upTwBk+2GkaCwS/TStpzBL9OGgwMoPE5Ggp+nQjqB0LYtUjJVl/kplWNAUz0pBlLNgpDZbYYAPNa2wvfoHFvZnLOaHVVx8SopLJ1397VKx+PMCvb8gkgMvPCJ1HKLnoHo3S0gD0Ku4O3Qwb5sN2XnEd1mKwXjufs9R/ZZXbea41thH/QynNDXtB8P06pS14hDvyN1tEZoUmTf14eb7F2vPilWled3abwCBtJVnrlQx3UBM86LQCJpC+0wemCYCV2dSENpKyxY76J23zK85zWUaeNSZ1KTiyAOLkW780y/ySvp2V4YJBRFtwlUTtMKQhwrLvhtw5bCrP/sCR07OLH7IjkEadLWVkDTdPWWrUvNM6rhIO9EfKeOYJiy/kd9Nk1nqC6g0hFs1L+JZwax70wvwi5/w+tJSxkxLY9oru+6onEjDNWdpRo8OAV/j/aR1q06Q95enYjMXZ5MCFgs9XNjmJID70N37sSY+dRXrD72L6YmUsRlqOZG4RIhZlEfzhz3XcTOKKttjbX2g0Du3QJ8uAS86a+KN1axQ/IeTyVU3EQuH0j0h6odiFeJXR+AdB8Ge613+gOIxVwkFzVLKkXT5OKLGHryH/wUsEe3mQsdpmTBN3JG5zqp6qWg8CMiq+DX1uoqtd1yERNLj8JkgF1UN+9xebdPLLlntKFQvaGG8G2fjUubYKmRF9+HJKITL1wlKvwnu53uj6KgZYWo2KglzgPW3JNL/14unCGCEhy1Dheuhiws6NSEcdaMT6t9f0l+lMc8lF6KMUtzFrhMLsejonrtouROMYA4VWVaewOjikPaKOCd239yIql2AIBCLPfkZJGkQjH59PA+6yuxAUYvSrsq7rBf0WNmb3KJVY1GRXhA1lRFds9yZZcUOCOimrK4iR3iy4FcEZj02Eilodap2RaYbHwUhTMgs/CHE+NElIB45kvuZVWcTqJA64HGI8rrVX9rHEbXauOfS6IbJhqwK8wMWWi6Jxukpx3akBrk53dfMpNKztiPVAn/8yDFSnJrGOfba7WEF1FNiNP09OlkAAEDl9S94d6Coq0/4Gi6YDBr7j6cAOYdgUwGhnDQXgwVvsAI3znrDvUk12Se6tD+1s8eiFKSHNvCmzla0gbPWE710CCd9RCRvbjN+ZKx7nrn7hfeD2rtjER6b/EmxO6PlX4sxCKVQR801Lk1hD1Xb4JFXkS+ulz+CFcrZ/SkFFSl2yGZ7HCG5TwYDyiiD7nWeGia6/9Pq5NQZifcC2sR1Hefc6vuf2P8rDqpgAafYx2/mRRNj+A+uVXxehVW1PgOSd40bZtHhaC0Pq5jQL/4j56PN7tKKJ3eYrfXqi1C8Yc5WU70eG+14zVfQQmbJOT4pGTEX0swpVPIm8CRkpE1tgEGw6DYmpEvq3+Ptu05s7piWqx05LL25GqBm0C2Mc94V3RPbroKWUp5IQEyC+YuRyPY5M32bE4eMJ+pAqISzuioJo+3gSF6XsZU29pxyeF6iQ37dEwI1s9h9NtU/M0D5f6vcuERPlJimlH28J6VbX+hIET2ZLnTp8Coi9uyaHEpghbYaTE9sOvZy4p/lCZxurN3w9zvwelri9bcuKkKH28HUyCXtl+NcofJRxUBsh0cBZacz4OLhdzyLZ5W9tOH+SZIr/vQeilzpjDUw2FOIWmxunFg+jrGQ+alJI4//MN71PYVTUJGMCInE17G1L25mQEVUzt7JXdKfCrBRvY0yXhye7x2cENyaw3OWz8m3pjcyLvyOWLfxb9C6eAjXk//bmS72zGxGsshBEF4zk4HT84AcLliCYIl4iUl0q1YUP/TUghztjZfO3nKKW/c9/eRsFjTx4Bq/Y5u3TrmrSXEzY/8jJlcMNpnWhtwZ2q+XT2wLpHPC7gHgijuywXItpYNcsMaO1L/KBC+haEs1I5MV8z6AxeOzyVWEmJbJtNP3kn1HvEeluLAU+G8Utqbss9K32kAJJHi6/0FKAWR7cpcpZ7/mRmMvlMteG0Y442HXiz5ZuW27Vbh+a1jg/lCviZWQwZN5aaOTc+5yDm7vATcDCuYCpG7ge3vqOVPzTyArDYht37WG9ASKrpAujGLhOhaVXzyAlnXyOgh8g72FgwcE6A60zGpFZlodhR6D0j0nhy2Jo1jOckp9BUe2t2Ch9vj+PTYRlPS61GuecYbc75sZrorq3yQ2v2swWac8jdwUOWyPrlJd/Pp44oN5hi5+V43NT57KMo6xlEYLj3dtZjFU+qx2xNiSFYl/ut7HdFSO9/xWh3unh5VdE1F+c/UzWYxBUKmTZBwdMk3ydk6eoZ2SbOsf0FHvKq4UcQDjY6XMjP+dYjFcVQGUALRW0PxqN1F8c+nmBq88+ZUdLsUWlAa/gGDXB24QBcybNE7M1X0krfst3v5wJCGzzeX1Jvjc/D6ESB/BB2mD6hLXYTP6Fyrb7R1lGYsN057qI4HL0eNSzFCWNis7BA/7XyIjyuJVCleojpelphi+AC/SvazlemLFhMHAwWHBPdMfC4qgJEGwvjOH4jNJ6krCzMwEMoyWkKOEonUeuKitfBGDrJvCpN6CqL01AXpz10aErnydTWzbO91GRpLX8Rgh+4pZJh8kJIuSRbJ80PECk/BkDUF4Y654U33w+G1H79uxudAaZ+62TzLhYmurEMlHUIqD86gchdpJR8dnR6jKbz4V4Yf6hokKQ4nwunC8FeuyDqiBru6nFXEFp4scAj06E3Pl3IGrFCaUME9WOuDjMWiTYRxV6zTxPrHqKH66KTgNhgNLMJGaXmJ+g9IInFbysahdgJzKRn9denl3FYNeDOEvFJ2epkUnUmSqC1vHbLgWuhmY7fiQCfNKSc9wRuomq87dCxPVMAw58G7/lXD9UhDSBPyjikKDCFnrija/WJQE7cTRmgceaEdMa3A29Fl7rGs7Px112FdxAHCQq+42JdZOkQ6K2W4nB1pg/Z4/iZTu16OpG8yFn3D44eqRuuL0HenFc2Z3stIfFE+BnEqkwc4yU0VJijzDS7ZtOCpdE+Y3pAcTh5pYhYevtMhK9XSpQMVtOUAF0IMJJpjDDK6n6clq1cG7QZPIhGACHoLFK2lcP3U+0D3GUKywnretugHD3VowgbrEm+qSj/D1acIgzAj3fs6H6eXxOzjI0QuqifJxYqhWnvbplkYiAWIO4XKopG/aH9yl9VJSKMvzrLccpkJFSifZWXeqJoWdFoD8xF0A4rCxZUQUWeEE/JQuljocvc8L7wmeuabtmG3JSedBE2keDDZdkvuK7dUYQh8VW+cL2A3Oza+03MN2cNYvvG4vnfUFJ3rc/mURg7EAblMRr4Qyf1zUDeIk9+ED2xae1I/grAcZ9tn1Z/0NlzdyTfJRYltoKudqwbEOCWcx4AegV+0mMEEcVmJ416l9tUWlWWhSGkhrnp2U8kSVLoEYc6ydZ2O/0v1gCvn/HR3phmswpxakA5RgHrf3qInjfkFiNVZbj8AYy14yR5NSXrOSpPS53KQB/Yd8PWxWk8npDKdJCuhFyXw1fdOKkOkQKoTumYvBjG6N1Zn5rxoOrXpLZ3SyiYN+eCkf9O5svvNVpGjf6cBGrBzXsicfOS0qqHeNuC4NhWvg2MuVtfsNFyjJWG1UruBkitYsRZdlRcwjaehyWHOl1KZ6xzBHiAS92xPgIuWJsw66j1cYgx18qw+wnCKqgLsAxMoFEMCXm9hyb43Ct/dkLpp2c6Ref/0Xzfm9fjt/+8GYKr+hcbltG0TbmodPQNlwUZlwSSp5phGDgMXV8vV+vgve4u7Mlx3EvYcLYoB5yWOvTSLNq4DF1D3r644pl7Y1W4Wue8Er9lQWwldrT37HMU1XSlbO3SBZoVNFPZv9JuZRAs9BMijGnwj/Y87ZEQxrJ3mXkJfwWZiCMWSIq3+KJCjy6Pjd2c8whaVk2y+jgUg5ety+bNL47vW7OvDjDr5hOR3gYR7ZQHTro0NaG7vl6DEWFmnQVxlfdVRnadVzPRBMZgVw6/UIeGY0GXNBpj4tdHKnTN4MIWOMHO/THC52o8TDizA2qZv/rtM9YesKy5UjkTw1yVsYeGNQfONIfgUoRLmYoIcHeYPRVeki5B09IBz9jRUGNyyWD8k3i3pDCWYNpFnTdrLhJAUvYw/45dX+MaFL4cUyaAGBkNTnLLDUS6OiZnB63Z/KGmWcewc4XcoVG42A+NXLD81V/Zqfgoq+hN9b0hM7EFZbJBmjz1x4Cy+DudaOxPtsjHhYQ5DZe2sBc8BNZKW5df1EZCr1QE2wfVGkdZHay9VilX62OlZNn8TJp1RCszNcbmyaDhODzFXmP7+SNwJiKhH22F3HSViIobWfKJBbslrmAR1tq0xHh1ElfisVfuEWhZoINGgDkGkwu/yW6Hnu/60tMhSDoJGGDAOUP2QD2H10Vam3+rtHolqmcJvKnwTp8mXi14OPxK6HCSwYRekouOO+qwW/R/zGNzez18mhfFut/3aAdAZIA1vmpQnFuCr+VcZ4jaQCcsGZVJAiqi5k7+wdvjw0N4+4Eg91htVNlEQdjFwlzBib4V1edFtUIjGWqJu0XHDa7doA20h3WPlXISB7sffMASC+Y6SABBXlImsCk2/AKYACX95cG4S0Ws+D5h4BQB1X9A7rR8R6YBR10KHeBKuTHyzt2wuwFK6CkEBZzsBok+VYanPykeJaAn4lkK/o/flgP8OB/ent73HwJiVuTicWV5lDkbL1IIusnh45px69stgjWEh5+7Jdc90bhhnvd7XFqlI4vCiyLlpN3zacMILPm7nBMh4vI2oJjwE/0fusQ6aYupaipue+di25VuZFzR/BVBQXazS5zKd8V8mkUIpi+c4xg1NNh+ouVswwQ7M5o3qfrXA0oxhjbj0Ru9ywP829lVCZdoCMm6fWVX1kA+iz1RibJ3X7dWo6HqxEzVytfzIM4Ia2QQVCfx+JA6oxrQ7FY4Jvub6QgzvfnCyyXCHIk+UnQ0qVQWgBThBQnNXZP7RLr17xf78aS7g4lV5XGUwI5oujVeImMclVyHInKUjaqvSL2ltnVe9MWaMrKcP9sKqFtC/Sukrl9bbDs2bAiLgDz/wKvFU79IE+YLmCaoVSRe/BLXClJtZjESx9C4jHcuG1zJnf3OjsyF3Uw+2yDnJPz7StfYsLgwzTcFxXi5mclKgG5gVkMz/4F/6g+/GJmn/0t8EFzLKPzyWwuy9VxS0gT3HdQalPrIJDqZ3TY68VnCnyvnhSW003XuegXJyuDfyI1x5+GfeQOl5Ainua72cKJ2VhWBzbnnMoe4/0EF5DlEn1Qu4gK2cxMlmN2XPRPP2g3fRVZSZJbM3syjVFLtl+adQksfhj1HTrdlC6uEnlVLwTypKbjuXhzmRHRh8+BO0vfG/lUuedm+bKSPvpE8ruzlFbflyR/PDmEVbj7xq2fHXdA/UuCx77PXgWDo55PKlB0F1KNyMughU23yC3MzOO+oZXDB+km3U6AfaJfiZtB0Ce74SqIjSMDlWgpNbDy1RA9V7QfRA6LoSXpfqwf4X9s48D0W1YjiF0RCx/8so9yMkA/cD0gh7TEHbcw6jugEiInM0POoPco1i9qEOBe6bZza+4tgW0jY/PiWuWDOA5WTY3ktOPBQotz/v9I+uW2bWJR3xwI4vYhXuysXRHgJNJ0LPW4P9GPb+lLJ5dzoqke7kiuoRsci3JpESN8hg5iUXnguUfVeeHRuJrTtoaLUHYgF/GgeIc04bRG9HBYimJvl248+qashdXD7rzQagjtqHa+da69gnZDJub/UGsGPhRJW6+w89hssMuVPrJmiK2t47P6AeBUqZ1L57hacGi3oBHC7hkYkmMBZaDe8PRQnKse1K/s8p5gvYQiFmq2i0oDj1cK9RauCrMVwEOXH9XZEQZ1A3Cv4hcqd6xa7lgYsCD5HiJlwp97CceJ3Rqv0jMGsyZpmuWF57NzZt+tSnn5SZd3nDV2/ptrduQzHAeTXhrGDOVd2KhP2CE5+oDQ06iRHzTf79bYzh+iQ5OucmJe2pHz6wafQUKTSzKroMFkdjMFeyz5p8mpPp2CZdTXAL5rTgAkXu2f42/oZoNi4xuENVivfaU2NkhoZxGQMk5f9os3FYH+/DPBh0vqTxVxIaEuBlgBSMX6WnDqcvz7cVhcYg0UEoAjH1lr+060E7Pz5GMo4QB4LF1bnbfTZajkQCOHmYmZtXKpWfPP0fCyPAgbVFaeQlHYykGzKf2lpksUzgR6vPVAb+RV+Ksm0IpVnU+6587FWM/4qAlGCPbX9NPJE8jqz0JubsY+HCIqCWn3xjtCAzWrlkIOE+LeJB5aytQWpg/WU+r8DU0Wq4P3pNAIZ1doQptrpS91cDwoIQgpsQZVNqnxxOqnMZ+WoJoLxsI=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:42,642 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:42,642 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110142Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ800c7cc-097a-4687-a974-7e1ba814a6c5|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_3d8c49071b76ed885b570b59a83bc503|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxRy+vYrRje61wIPN16AbXowlk7DQ0gXKav0shkK3/7wu4l4j4V0ffIBuPi/y4q9cXGVSTnBb3L0MHsnE31yB8aN6uRy/CBSP2bik9t3ngYuHNAAjuw1tU6o5SISM=|_94e5d471f0060356145b8e51945cbec0|
2021-09-21 11:01:43,010 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:43,010 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:43,012 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:43,012 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
    IsPassive="false" IssueInstant="2021-09-21T11:01:43.688Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ8313f1b-53a4-4ac5-8133-f193259c3686">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>TLJoXHtc9uKQ423sbyLaHcQSF/SvEExkWxTZCDX0+g8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
mPMWgQTz59DRAGGPxVQo3SgDXY0Hq48pxjATdutXz2XbJpRvF50o7FtnvekTWqtFLen4gflvouNk&#xd;
Lgv5XwyCgD4nIJcAw4mjivsjk9fuML2FmmRxLBtwAlnipKaBlfpoKjrVzXfk42MLbXg31oEhWpjQ&#xd;
ds9drM3YEEPSp/6RFWeQvGr/K7j3sHL0kTHyCQwEmPwDmqf/W9OHUDkoKWDeN8MSNb0ihRB7cHQ5&#xd;
L+q1a96iWadxR/Ee28oCj4rvXpjkGT0NB1I7trT/aoP/8dgCrwCDtFeBWnT9aUyjyH+9WbECy0Ki&#xd;
UN7K3vR09TN0mWm3vA5KIVGOZqLvdBe8opyz2g==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:43,013 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,013 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,013 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,013 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,013 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:43,014 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:43,014 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,014 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ8313f1b-53a4-4ac5-8133-f193259c3686', issue instant '2021-09-21T11:01:43.688Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ8313f1b-53a4-4ac5-8133-f193259c3686 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ8313f1b-53a4-4ac5-8133-f193259c3686 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
2021-09-21 11:01:43,015 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,015 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:43,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:43,016 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:43,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:43,017 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:43,017 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,017 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:43,017 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:43,017 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:43,017 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:43,017 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:43,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:43,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:43,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:43,018 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:43,018 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,018 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:43,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:43,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:43,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:43,019 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:43,019 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,019 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,019 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:43,020 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:43,023 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:43.023Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:43,023 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:43,023 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:43,023 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,023 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:43.023Z
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:43,024 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,025 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:43,026 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@44cf7133'
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,027 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@44cf7133'
2021-09-21 11:01:43,028 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,028 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:43,030 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:43,031 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:43,031 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _7dc9086cac316df950bc27b57e2dcc98
2021-09-21 11:01:43,031 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _7dc9086cac316df950bc27b57e2dcc98 to Response _67680d8c529d33492770f6a673a73bf1
2021-09-21 11:01:43,031 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _7dc9086cac316df950bc27b57e2dcc98
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:43,033 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:43,035 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:43,035 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxZPHJKMr+Ssb2uQqOq/QvkpUyWOP0TlAREa9k0XIIYUzjFE/n3XkbzP9C7x0m13Jdzz5iOTAr50ye0bxuBixcf9JDdUHHVj+ctAOCUAIa35XFq9rq3l0o+kEmIVo= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ8313f1b-53a4-4ac5-8133-f193259c3686
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _7dc9086cac316df950bc27b57e2dcc98
2021-09-21 11:01:43,035 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _7dc9086cac316df950bc27b57e2dcc98 did not already contain Conditions, one was added
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:43.028Z, to Assertion _7dc9086cac316df950bc27b57e2dcc98
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _7dc9086cac316df950bc27b57e2dcc98 already contained Conditions, nothing was done
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _7dc9086cac316df950bc27b57e2dcc98 already contained Conditions, nothing was done
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:43,036 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _7dc9086cac316df950bc27b57e2dcc98
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,037 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:43,038 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxRy+vYrRje61wIPN16AbXowlk7DQ0gXKav0shkK3/7wu4l4j4V0ffIBuPi/y4q9cXGVSTnBb3L0MHsnE31yB8aN6uRy/CBSP2bik9t3ngYuHNAAjuw1tU6o5SISM=
2021-09-21 11:01:43,038 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxZPHJKMr+Ssb2uQqOq/QvkpUyWOP0TlAREa9k0XIIYUzjFE/n3XkbzP9C7x0m13Jdzz5iOTAr50ye0bxuBixcf9JDdUHHVj+ctAOCUAIa35XFq9rq3l0o+kEmIVo=
2021-09-21 11:01:43,038 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:43,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:43,038 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:43,039 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7dc9086cac316df950bc27b57e2dcc98"
2021-09-21 11:01:43,039 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7dc9086cac316df950bc27b57e2dcc98 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,039 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_7dc9086cac316df950bc27b57e2dcc98"
2021-09-21 11:01:43,039 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _7dc9086cac316df950bc27b57e2dcc98 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,041 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_67680d8c529d33492770f6a673a73bf1"
    InResponseTo="ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
    IssueInstant="2021-09-21T11:01:43.028Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_7dc9086cac316df950bc27b57e2dcc98"
        IssueInstant="2021-09-21T11:01:43.028Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_7dc9086cac316df950bc27b57e2dcc98">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>1dTeo1fmNaQ4/pJ2HdJHoeoOBoLgRPrqz4E0oXiJITc=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>How4hndA/8fVargzIajJApJf3NZA3oTlEpAaZTZ9+pCZIOnGgQEk2hHXPljOeRrdagV7R8NG7ubndeK3LRwJhUynAzQztbxVT8wgM5moFoork2/zERyRNnhYDvyxegaiP5FCc/2r1riJcSwHLoIeI8Azi+bR8idxYkt59XIGm+o/rGnKguheFqvET0MNDY8cWEmZ/qZFhrbp+SpAamepgyNwfx50ds7FEfH3mKTbBRBoaj8jILf+U8ogRbpR7Syo5mm3ZQa//hILSO1Jk7FgXTlAKb/M26TADMX8COQH8UDwyDenym7aejDrGxJ2nLWe13qmhrGN3+VWNocSOspLCg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxZPHJKMr+Ssb2uQqOq/QvkpUyWOP0TlAREa9k0XIIYUzjFE/n3XkbzP9C7x0m13Jdzz5iOTAr50ye0bxuBixcf9JDdUHHVj+ctAOCUAIa35XFq9rq3l0o+kEmIVo=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
                    NotOnOrAfter="2021-09-21T11:06:43.035Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:43.028Z" NotOnOrAfter="2021-09-21T11:06:43.028Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_9ff4a3344a481a9e7e10070f5f4ed5e4">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:43,043 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,043 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_67680d8c529d33492770f6a673a73bf1"
2021-09-21 11:01:43,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _67680d8c529d33492770f6a673a73bf1 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_67680d8c529d33492770f6a673a73bf1"
2021-09-21 11:01:43,043 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _67680d8c529d33492770f6a673a73bf1 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:43,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:43,045 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:43,047 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_67680d8c529d33492770f6a673a73bf1"
    InResponseTo="ARQ8313f1b-53a4-4ac5-8133-f193259c3686"
    IssueInstant="2021-09-21T11:01:43.028Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_67680d8c529d33492770f6a673a73bf1">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>XXGXSF6ElDJNfA8eUuLd1TOcEohxZxnIpYfe5ZbnrYk=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>pKi6/T5Q3+RTuLDn98DzAYSVIWvX8j+KgvBc6qWRTIPSXM9IFrdXaMBjy4FfRDicC5sVB5KZ9JJtp7LyRkVpKLPevVgzY9Pp6sqZzRhVJjq/SGs02yrUeLZTFByYcx8RbvibeTsqrcQQ4Ag90C6WZwiLAkd72JGmUh11+xkNQIFA5QktI25DUErFO0WD0/Ee59y6ziEJiEPUbwtv9DoMJrkVNc/E26Q1EZo+N3lkwAHWHr+LWf3k/Nf5L8+X/4SW7nNao+BlR8XzFadJWu2mw/MlAT+piLaRGXx4UZMsBwoTPp9R7YX3ZNsZVrGy+i/LDWsxm/e3pq1o41/HXTywMw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_870262045fc392dc145eb5c2ef2697ca"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_49ec8f22d905638fc0a358c22f39b2fb"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>V98HjsyFU0Clof0MYrx9kPspulk+hIMrsjj1Ca5hYQGQfR9QTA5zsM0rKArWzbeNyYF4tt3+3YL1yMI+BRSa8wr9VfMtG+PjbtTRSz4cVY5O6M9aTyLlHf/xlZnWoZmQGlbTKorTzQEwkMYZAHaT5fm2UYXSbbw8XJ9C01NvPPwMG4ZtF3GmFgWEKd82h3wAKXrgnuv24MqCkjgQN/1H9bhJmUC8HHHljK8f2u8ezXj/eyBgl/XDDIytVIMtwQrObhRXy0zuLBU0REeQfu07WrtIEs4WH1nTYZOKJWsN2NrWIPHUtfsoR2lDvlh3gCKUqmMHdjYZAUroIq49a4xwEw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>NFm5ddXeDXtD7fe44fIV/J1nIqLccPdxa+FmYXi/ts178cWZyO1sRkk9dlUszN3soo1j3ZXaHTB5qV5K0CLsCJp9RmWVpaAGCu5TC+PluY/fMXU0AQwrkai+LCtBtd2S2NYO05jm20Wf+LtTUJsRtJ985av7XqyJGzmiQA6a6Y8+YdihE3wHFBT7Yt7f7eT5X9j6RFrZb8IsqX1FM9b+KAMLJlUKr/UsrBnyeqKSoWPZCCT918PoPvh68Dq7Bpal5pRQ6ZABAOquI5bPYy9rhPzifPRuahAcY7b13u3CrvZwCL/tpxUeHqm0vB8PdK1hYDWTa+zZBYPej09Py8bKDY+NixYSnB/0g2QvcTD0xbiPfhoPfD9qRw4ui0Is/V1CSMWPo0RGm98RNWXxBDlwldRad6/IgZ8ghZJKs5v68bvUw70LYZTDvmDVMNyRsTyNDgdRfur/5AcXGwpigMWQ1KpAnfWxPmw+ve31L3mRCe8QuLA5qOChhy0SiVY/xHKUd17bfy3EMOWYNbKdmYs2OQ+4cjYBy7Kh0387DjHAYfYezFMlwUIEsCxpHW7HhSgS+V3um4FjqBe+eemEdtHxxZU3m3a5ExXCBDM6ME5W0J2ipnBporZ2q77vuhFDtb7qw2GRcjlb+x7cDa+dY9nDr5t1JNv0Mi84ch0DF90YYj/htVXXgg+I+aM9LdcdYJ56uR/F2iMoUBR52fUpzAFWvQnyVKQ3darLnCQ8qsC1YQOy414bhIx1F8sR5bdthk8An7X5Syd+MbAkmc4JXCo/T2i/UG6i+zZoa3qo+y6HoCX3Qc6dGSTynPi5JhZk+FYIzu56H5aH5iZGZ9stmQQEm0rO6EI6kT8DV6tuC9smMKzK+i030SsPdO83TIkUfs1d4fAUKLk+cKQLc08hj/TwDrvXYoV+F9gUFpCjnWFMuJshy/d2/3JEQmJ2yseE2rYIyZTkOO15j6yzmywER5K4lawuucQhXPZASkOXZc2ua6nly+MzlwlQvx7HTCqW+ULjYMvpHDJj2WE7U/PfL00Jx1XNBMEg/O8ZvOowOJFLuFRhuUeK/qAhFn4e3mxwEIxKEmgk2LT8H6D7oJorWhol/gu2inS2iXv4rCux5/btrvn/Kpibmqlb6UZ39tsm3+5u5tyyX+xO0BXcE0QkACsBZZuZTUuWS8hi0y8AO0fTAETWExHWuzcKppa6uKpT5MpNx3+UawoJXfjptV1OosdzqCrgagqdH0Af/WuDdpP0xk88Yrz3n5QX+fGTcIo5cDhVaGJSMCvTD2ZDriV44PpVtgwAmsxx62PWojk1OqsH4M9cKi/3/sk3Va3xxe6nlpFtJ2wyr887LbtwOYtK/cGeFaObg2+QnQWI8R+Ibap1A75r9FsPDV5XpwRBthPeTUhh8mzlH6EGIYgZKK+0E3d9DQ6Z3zVTw7qlfQ1cLTBcXtUjC8/oitK+cYIdQvBgwgz4iikMwWe2J3kS2jVYK9oBLyTAxWPsxCjZPkk86R1Zvf7hbtXCviVw6uGu/5D8WpvYoZ8LMBSZWIpPB0QWtiJBeObBSkbucIe8RK6EVXyXX2vg18D3ICtOjNeHGTjYycdom+K1IiDBvhYUhYXmtqpUgWeN+AnojEjsSVCutQtYc2p4NfMN981HqU5qzvd86Y8nH3nR5B3RctlKksSoAx7afW+yCviI0pZHvbmWfAJY59fJCYAuOVzNUaKpMlU4NaDlbGXGHe9G1liDUOp31SITL/2XRKhj4HFLcxyPVG5l+echCjjIa/l/i0jKzXyqB/G41v9M1SsXWcoMKAemm5jn9+f3NNLrvb3VEEzYRkRhgVuBQSaYCuR7dSFJp4kN+uPXILeJpVYozjnytlf9qn0+LfwMtP9kmr+n0wZK5nhsomd2A84MSiuUwfZmPHR5EvdEgEf4ACn3wVvP9/Ecv+v8NpMdK04/kl8ePbpZiAqbgBWlnTP79bu9WiIjv0vqzi1y0pELIezIVZlCZnZc4vjlX3hIu+rzbKpTWdruToCPPVF7qSNl9+E4Y16MDdSRT4VKmFEAdUqLayGaoL7tPmHayJiuv8QFAE4gjNIMyDZRPVbf9/gmW6CiGqMS1+ycbp1gr+vNOd30hTnDKN9DEQDvCsZ8Tv4qMpITI/pyuFPER9Qet5pnCgKwX8qmU3CkT0urLslZlOO2kaJSg0B/ACQU6cWjc1SFJbe0lviXxA5vhwutk4+8LLuch68WZGxQlQiCrSAdGh67ds4mMMYQikm4vdGKd+SdQuRIG1XrGgt44QMWwZS1Q15BaMqJ1TiN7rbumG2dmCELa9SNz+oMT7AMrv9Ox14CaKxK6yVTyFhzevZ5IJx3pWHzTJvVdyw2CxympcYoBJRi8A4XLdtZbZoPQ5fDk7fZdB8/Ie3CIC/pW8rP41vdwSkpfVP2mv6ArJUv5U5hYno8ZZU+G4l8X2yh9wdtCS8y7O/NvZvMZGQJyJd/b62yJg0fUWwgm4fDoUmxpDgyW5L9kuWZKkOcTzrrS44qzzR2BDRNa99W6Wt95neMg62RAsWOCtI5aJKvYU5QFNktHvoId6Qi8AgfCkIsae/LZdOXWrt1/0qrCDmjVLc1CoXwPML2ljn+RonB76p5+DD3mBAFN+FQ2rRNFSJQQq/zCkifBLd9DgOQgBBP3cO0AEHqIQSXTCLHQJc+kE3KdVPorA09/2sgVvn4PgaMsG+lGkKiOWWP2C9sxJYC7SYWw1lAZ4dmhttNIj3outVxNbB6AbF8kNPSpyVS/FpTpEE0EShxitHK80J1Yd3ShpBEdGqSFYX859AL3nSn8eAHE8OWxhOSC8LZwoBfB5uVt0b0CRpPhRJ4znj2Atj5Ksdbo2ND7wi5PNlJoumTXjlmwbeOO5R/DeQsmn64t/ZR+2gmcYztAwfZjs0FhTYjDWDjCcF2CSS4E5ZsrL+1KWEvszclcNpNAmyMNYsIQ991ytK3t6rcKkkn6XUae/QRkelkXVw4PFKOw2LOj6IpCZ0OFo1Nyvf4raISvIRQj1A74QkWKW51QxQj1lsT+ORXTlWpdAsAmvjlbCzji4sTqQzTkxUoXMIDbDhUKNY9/yBOZs2Juz3UBKE+OO7E8wpwFj+osV5WS0Y6GdIWL+R8cgfBhgKztFi2OKMR7anHbPK6X9HTKFgdzS2a3az4u/vXi5Kh3d6NUxV7uWgUieyX2eThP7AbDDXuvgGoiopF/gr0R6rx/764fnxhlXWRyDtWRW6rzcLMQNX01PZYVzPfMSi1kS4w9CnPTybw+DFxZPCfv+//UT0JTa7BZb1vRHzuvl0OyIE50x338yjkl/UFMiaeepmH4xUPnqfv15sxozrQsOdKbETgi6YwdE3OR2vYSYyjdE42M9cT0MeH87EhUAESjgt0rSXJFmjh3NKDDO9l+4RMQue05P+0TFZCWoNC6ARufWD/d24Siz7Pdtf2p3Wcgv5AC+WIGhTRCnHReyzrHhVp0y//w+W59rdL2biJg/dEqLV1riMcuGb91Y3KMB652rL1OWySMt/6Epk4tc6Gj349Sl9dDB07smhtfd8FA2mSL7oIIVsbvQlyP4OQyMUQlEfX5qTwMC9YJixFXI+48kHQzIJhmwU9UOc5SGgGTZGcRvBPxJd2i0HuhnJtS2jB+KKp73h1qazeslE87QsoSjzG9CbKMJc5jLioxVtxF12ggMQOdaTiB5CkiNJIP+U+jzLeWKBjuCRm+RezKidqGXmHVJ+dnS4RzxOhO5/MzFSPwUZ5Te+c5PtGtwwOx+IeCMAhRXZnQkS/azeVXQ6a4ZhAbf6vkICtGbWqMzVLvrE/COcH9Lsh1GRYFbaKCQVQ4b6QXGKapSfx1a0g8skU8aW9n4QOauOIcB5FQLsLCbyTsh3dJJaPda+ZqY+lEfzAM/FP27uIxyAcaoTgULmnF+0NgFW1UraOM1HIkeD0VSZgW7paHt4u6GhRCAJmTLjhQR932wUkWXYvf56SNlsc3HsKYqzQO1hbuxnA87GkyGU2oJbZaWP2Dv1p790FbFuTIeoIxmBgMzmKkgmcFA2lQbo4osQFg6vZpJM9PlpZRUh/nusxJGxGCHdB/Gveq3dNjYFKQb8R8/SpcA8G4KSDIWbcnjaBnPljwXHWZbOaKpYVEl7h4Db502hLQnXVbxNtrAiqJxRF7Sc0jAg0zSh3yp0fyiXb/K73XwIAdIPlyqci3lUlPzG9vgA06977Z+qfbTHrgYHMGrhN8KKxLhaBuimI4qbfdE52x2YMLooPAp8JDixL2vjWPDTdsTm0qaLDFMpt7j2EkGg7ABDX/WUAfgNfqK1TsVJ0/5XZbA5n3JlCVani10P17flD0Zs8wyXxCB99cL5cWeezzG/7uwfB6B3Go5YFr4nDSbdW2aN6lmVrvFumICOEmsHca073AO/GAj8XPH0neZhzWpgSsp3JeQT20jgNPj8k7+H0BmHwYLg1NRvQfinSo355a2ySgDJCNrqrgdJmcbKG05i+IgM9SMUCZi5ps8ctNnQRoDCXUEfHhWt+9ti25hksdVBlst3RAB1mQJURLPmzcgMjWgZiHatstDTjtcd9H6T9yMOsHRNOO2U/Mpd3PYw1fAACJhR4rbXDtadWO4wu05Tnyy9cBcb11vuanD/gUNzf2+I5WAly4EsTzPlYZSha+JYjzGLaVU5cCSrJ84eF3qiRJBfQecRUU+Nv4PnAKKcutDZfOdjuItW45b4l+0IJeL3TFyNe0DSIwvlPITieNhLb7oqC6CiPGEvB3ujYpwczhT+6orCEG1pfOcDCk4sbRJr45BAteG/Nr6vMyLfjB/lw4RIit4sW8RTjoVfpl3S1TGXp6iyR4oRZBc8kidO9sKNH7/Z+xCCq0sRNkbwm+r3mEwdnrU34S4zKbo5IhQ8SKJJUXpiQNZvGIyxor4xzzkpHqwfGw+XcH+W3mqHfoVWYNIT32w1EpK5RQLQpilhsq/gV39kegzzWM77xXhn3QzOnn5aYwrN4fz4ciusGKl6imCdbW1JCDV+vt1M1s42lS34cERWtemFyleLQERyR7Nmir7jJjpkp3JiSjjsAAkmv4xX6iVDLvXcBabWAtDUH9KJ02KDGR/1YlBTCSISW8WMsCZBGB5TKOsk/tJV+4/J6a1ou+akvhxMhmazioTLXluGUzus1lOm08D6XPV46YIgSoDzX4tNcgqlPQggIyOIu1PvxzJ5LuqtGEFUbltPdEsvF26Tv85N3qx3xmKVLcSJG+3zvM+t96/UNLC7q1oxKuYtLdpJqmT6I/iEFUWPcc5NlgYbfmIsc1vAcyeqaM8g99aWq0AwcN4xI/Ldmp1pbXrrsmli6xhAGfuMvZKjVnizIs1KydRKwozDSSPflcavv5pQVi4kLJ0VBMgpvXsGF1PijFLRbk8dxy58BzqemRC4Tx6MQ0UQlDk7NgcZtD2Qaf+ZhqIGLUzXQAHS917UGd0fCfJpDUQ1PAH2ChkX5J/H5A/UN3k/r2kcVK7rP/mPTVO6+2hGQ8mxPL1sB/FXzgvpT5IzmF2q0+rKGRWuXhIxm8w+RwpHrrFRGAfqWAWnwLE+QS0BKCAbKKOuaTvF4kkfsJfkwO3NqlCjdPgJSZ0DdR5StciWjQ0ra0mQVxcZW6HSU/9Wdd/LfXxcd1FTAdvLBv38iT1SE8NmkxZ0QGfVlme25BA+gkKJtyYVWxvcLuMtQ9HAffW38JeuxaHBfkRt3vFtDFYlBzgOJ1wQa0KxNjGlbOERrclhX+7u1pCJ68942ouVCvRl0HkLaOJ5yAUn29aE9Nr1GcodTCuiGzIMXQfgJj6GUdkR5zm8e21qC5O13/OBLxXBsOT6eC8dorGYnLyPatekPTLqXU0iBiNW717XkSbrjR17PZrlSYSbhM8y8rkqWdSJR2/LFjHTwHCbmWE01vLXxlWflx6XBFyxRtNFegRAEs6zsfU1C1zXLCaP8eq/e3vVd1cLb1ebiKOCa4lO7VkkOsFiSi0bzl3JpdK5ZdM3u5rN42TacQQp2HXc0RseBru/w72nC8HrAW5cvLcaPvz3NeOuRWJC+IK5CJR71XArKhs/voCdmj2NVif2eGkKV58z/cu4SVSHj6Kn530H1XZetD2Ko5YNG5Ja/M+DDdjAUiUfm4pRJHDt5yx2ruVpM9cf/bknbwx5HCD44jzKg0s2yBtTw657JC1MAWskFehmjzIjxq6gu/oYx4ezOhI8U8qPcvNknw5cZqBxjmYFW3llTwQ412Xulw4JPePicSgO02DvAphKkBmVX9DyDzJYLDGTMrk/6CFe8oacYlfGULqnZ+ry+CYP1EoUO/oKcLvctvNshNBZspwezXfQE3XyK3tmWh0DUzXeFVzsgkWnNOQsCE6DAWXqO+H2udHDWYFbcI2m4jV8q5z1aDUUaQQxNJ8NvwlHJMZVzsQy/Cbz1IOZ+Wa8x3ckcRRY6Xc0yC4MzD6yVPySb+Faa7439UaAECKPKtTX7iIGM7tupBtCiNGeyvJumly1tFJvcuA/fl0OPn2yJ4p8P6PGbrEmINkDXJMR9zBpEvwnuPKRc4o5OjEuZ5B/CrGN6LaYKRBQMotCVlqrSEWeQF43Kq5W3BaPKJbgqwNoeshUVY7ltLehPztp+NHARA8LwCSA6G7FWyv6zBtDstx7hl515zskrWRwGKt3eeETRrTpjjAongXiiooNzw/P2I2Db76vazxL5bpelM12A8GW+a0cgFVQX+U6eGZbeZk+sai/E7kRklNuXKXuiWRB29NoOj8NAbYVaRb11JbmJKqWYqOEXD/kMkmElFS24SjZyFIhIO+qxUJLayShvDzPfgZMluHBSQtCDF878iEoOKVWUooOoPIkO1jII4d92w0vZIyscM1+jUVpkYBNx+bVSlDZa/MG3f5hIlxhiUOvJDj8K/nzOPz7wK/SUUKDcp2tyo608F1ktx0QDq38US+3iNlH1GOSg8V16rUXa50L+vcOEIF/K1axbytVbPGv3y9szYTVb4cnP7s3HHsIwHEhhXWQaNXKLSdVbTyC1QDIEVbMJUUF2idOOr6L0+ffKc7dZyTVdx29O3LFbbUIHB8lZ0chv9R7IWYoguY0ibVK+Lz/bYg8Rpjk6o1UjaAUJTTPvr5R9ewcIsERpVv61pWjL/fPIf/ddVDcakbNdMCtQ7IL2JqNM+zQrkLNS4wnBuzS8LqwnrzSPeJBQCt9KlOEzbavxYCXKUDxz/tniKp+jSkf8Lg3sAWCAao0F74ZCC2FPDP74Xktge/2nHBwn4lsJCJR5KTDhAYX2q/F9dgy2Cm+q8eSx0SBi/6n/TVmOGQfcQkmcuZpjFVTSD7JMN2VyKlcniRTan6nJvkTeksHNx6JTZbGXQDTEjUsyMvK306kbaQhqzWC/Hwzy2ohfDSBQr+q0UgxYQGvVMdBn1zz6nBTXu8gK6wsy4igMhJ/n5AY5EL9ZKSp6+4pxxa4At8FUjVZ1+MAUpDKq9gKhlQ1Ve8Wo8pWY4wnBW6+uNyKZqtCqviT2RA/3o34t2mvI7tX+EegkHmof2T6k/g/THF80/MdtX3ThPRsFQwvHUYxLrb8NYIKFxZkyWcluQwT7P6OEG2XBxhuswILpY3IHfCmH49FoWnlWEqAH/cADr2yww+eIH490lFTodx3+VS0Cs35dHLNEN0orn9PTTRVnwXtE0h4St9B4WVDc8U+uTFhqhgbqPj7ERbrSkV0AWq1C13PWqmalNgsbcs/9Yf+ldCGm7K2+3IwC18gH2T5SodtvgDJDKb/mllqy5/Mj9kUQuhiiV0x6W7RI0hkn3GicYWVF6ouZE6CpZU1zLO67T48AyEIExcbyMq460zXiW1/yg9rjOOOj3+gbiYNAK4MHBcGavWB2vLMSXZv0M376W9sxCaB2Szpf9jCFSuc0pPjt5hjm+C48zgbN+j6G3xQNqJxb/yWkmtnv5z2cx5g17gH5gsj+PQRpWV2/4wPrxlkUONLARfhH4GpoxrfgxIFLq5xZMFEC+7NyOx4quLNZqQxT2RIR4utNs5khjlt78nhV6cqWDJhffdVoGQiKHYwWYdKMtWMey9AHCuu5gzE4dtX4DkGaHwdhnX6pyTAHSDZvJOja6jYLyQVz7z90f8PKeyIizVk3N1wmjDuG+Ok3gcjmlLc++r9kTa3LWlQ/2PgvpcWlD2hj1phh0/g3LT44jrxEyaZlB0ZvVPqsTXy6SOJ87CHaoOSd5pM/FvyV2wOT+2DTj9I9xLwtF9foT0Tr1VdJVoT0HzQHl+pFp3qXj/rbJU6BlvdvVwaU+Zbnu2x5HE6cLfs3nlxwfa0=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:43,047 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:43,047 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110143Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ8313f1b-53a4-4ac5-8133-f193259c3686|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_67680d8c529d33492770f6a673a73bf1|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxZPHJKMr+Ssb2uQqOq/QvkpUyWOP0TlAREa9k0XIIYUzjFE/n3XkbzP9C7x0m13Jdzz5iOTAr50ye0bxuBixcf9JDdUHHVj+ctAOCUAIa35XFq9rq3l0o+kEmIVo=|_7dc9086cac316df950bc27b57e2dcc98|
2021-09-21 11:01:43,391 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:43,391 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:43,391 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:43,391 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQfaba668-a365-48aa-bc93-6113d9a186cf"
    IsPassive="false" IssueInstant="2021-09-21T11:01:44.066Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQfaba668-a365-48aa-bc93-6113d9a186cf">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8j8g1EBgWh7WHARrTF6tdrhxkZi2jYnycU6trFh/Tw8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
cyh9Ujd9cZ5WztKF5QpBLVwcnBhjs5tIyPcCbrHZ3uSyQQlRoo6gdYKRYQ/4Xpl7/PFtCohe6tW9&#xd;
ZCHxUmuVVDmgis42pW4VUxxtxMQlQ2uJevvDXHW45+x08MLnqiEyOnA2u6a6MNrbyt1iWCyVSF1Y&#xd;
cOWdU2EzwEdxDkrCctoy+6tvfq+gbuqbNX3EgmBTBAWPyGY97TeW+1jyxJ5F8HwXdeNdzZBfhc5v&#xd;
P//7PaOyDbsb4MwCmCjTSHzzLFKHWxAylrT2gwFIObYs6O+Unx9PDnuVDAl2IIYNOeAdjnlwYXBM&#xd;
9q02+jUAESPLZobPjvv9mISM6JaE0BskZFsFzg==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:43,392 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:43,393 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:43,393 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:43,394 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQfaba668-a365-48aa-bc93-6113d9a186cf', issue instant '2021-09-21T11:01:44.066Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQfaba668-a365-48aa-bc93-6113d9a186cf"
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQfaba668-a365-48aa-bc93-6113d9a186cf and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQfaba668-a365-48aa-bc93-6113d9a186cf"
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQfaba668-a365-48aa-bc93-6113d9a186cf and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQfaba668-a365-48aa-bc93-6113d9a186cf"
2021-09-21 11:01:43,395 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:43,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:43,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:43,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:43,396 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:43,396 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,396 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:43,396 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:43,396 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:43,397 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:43,397 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,397 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,397 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:43,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:43,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:43,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:43,398 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:43,398 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,398 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,398 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,398 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:43.399Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,399 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:43.399Z
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:43,400 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:43,401 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:43,401 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:43,401 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,401 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:43,402 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:43,403 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,403 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:43,403 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18479d79'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@18479d79'
2021-09-21 11:01:43,404 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,405 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:43,405 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:43,406 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:43,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _2c962719c4429c08079bf20a7e409710
2021-09-21 11:01:43,406 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _2c962719c4429c08079bf20a7e409710 to Response _a83af966dea5f0dc516500d735ba7906
2021-09-21 11:01:43,406 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _2c962719c4429c08079bf20a7e409710
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:43,407 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:43,408 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:43,408 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0bQNxFMW1sqGAPO74CAlx+VYPlaaWT3glxmpGpPQOyzhtOuovdmfScoMAC8YKgA9RwdNooc/kivRrQh2/q3nD9v2i6Fp70YS0R8uQeCcuxc95FoQyUp1K1yWE+A= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQfaba668-a365-48aa-bc93-6113d9a186cf
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _2c962719c4429c08079bf20a7e409710
2021-09-21 11:01:43,408 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _2c962719c4429c08079bf20a7e409710 did not already contain Conditions, one was added
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:43.405Z, to Assertion _2c962719c4429c08079bf20a7e409710
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _2c962719c4429c08079bf20a7e409710 already contained Conditions, nothing was done
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _2c962719c4429c08079bf20a7e409710 already contained Conditions, nothing was done
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:43,409 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _2c962719c4429c08079bf20a7e409710
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxZPHJKMr+Ssb2uQqOq/QvkpUyWOP0TlAREa9k0XIIYUzjFE/n3XkbzP9C7x0m13Jdzz5iOTAr50ye0bxuBixcf9JDdUHHVj+ctAOCUAIa35XFq9rq3l0o+kEmIVo=
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx0bQNxFMW1sqGAPO74CAlx+VYPlaaWT3glxmpGpPQOyzhtOuovdmfScoMAC8YKgA9RwdNooc/kivRrQh2/q3nD9v2i6Fp70YS0R8uQeCcuxc95FoQyUp1K1yWE+A=
2021-09-21 11:01:43,411 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:43,412 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:43,412 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:43,413 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c962719c4429c08079bf20a7e409710"
2021-09-21 11:01:43,413 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c962719c4429c08079bf20a7e409710 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,413 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2c962719c4429c08079bf20a7e409710"
2021-09-21 11:01:43,413 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2c962719c4429c08079bf20a7e409710 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,416 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_a83af966dea5f0dc516500d735ba7906"
    InResponseTo="ARQfaba668-a365-48aa-bc93-6113d9a186cf"
    IssueInstant="2021-09-21T11:01:43.405Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_2c962719c4429c08079bf20a7e409710"
        IssueInstant="2021-09-21T11:01:43.405Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_2c962719c4429c08079bf20a7e409710">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>2eFuPx5VacSStc3MIumEz5K6CYtaF8+V21Y9+hqynfc=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>h19F9Q0jFP45yyY7s2ZZesgqvVVYfLcKZ18kYEsQFDjSp1ZdF9nuGcsfbl6THvrWwL2PeatiulLjjCsN+ewLip0tQnpf3uIw+YjKgiU7ngaWNHlXQaMifC7XpMDUUOwX7g95CXTC7Ab2rIugAAaTvXNiYHhLSnMSO2jRfmpRCFmN33myaDaubODoB2GMDvrrziY0+x4aP37+E44hQ1KDkh6s8xTHKC40XbQIjTFchHkWQJhKGEzXM/XZkpElmkMYvmJnfBzS1qrKRzj2FCZ1g160FyeZoH2Mz5bQwMjiMKOjDT112Ti/w9W6SVD8OdU64cU2fisF0D87iYJLCfhR9w==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0bQNxFMW1sqGAPO74CAlx+VYPlaaWT3glxmpGpPQOyzhtOuovdmfScoMAC8YKgA9RwdNooc/kivRrQh2/q3nD9v2i6Fp70YS0R8uQeCcuxc95FoQyUp1K1yWE+A=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQfaba668-a365-48aa-bc93-6113d9a186cf"
                    NotOnOrAfter="2021-09-21T11:06:43.408Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:43.405Z" NotOnOrAfter="2021-09-21T11:06:43.405Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_c800e9bd6ff57324a19882f9a2525f04">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:43,418 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,418 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a83af966dea5f0dc516500d735ba7906"
2021-09-21 11:01:43,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a83af966dea5f0dc516500d735ba7906 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_a83af966dea5f0dc516500d735ba7906"
2021-09-21 11:01:43,418 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _a83af966dea5f0dc516500d735ba7906 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,420 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:43,420 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:43,420 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:43,422 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_a83af966dea5f0dc516500d735ba7906"
    InResponseTo="ARQfaba668-a365-48aa-bc93-6113d9a186cf"
    IssueInstant="2021-09-21T11:01:43.405Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_a83af966dea5f0dc516500d735ba7906">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>F7kkKz2h6eGqjR5MTAt/bpF48AZkfwOFlWGh6069gos=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Sz8tZUZusQ1gVBVbeus/u2+nTv0zWy1nxx4wtwj817be4SbgRg5M6Z95z2F/nHFTrAFmGhr7lJg5lDnUypebYbs8l56E0khz+S2/TKW1TXFV8MBZZh5IP78EcGfJPBeXoxK99dXmeCj+OKrpNt94nlpw9YbZwGsXEkEijbA++4Mlqy/Wn7qAN4SSLUccPu/ldtd+9GX45xg7yYFg8GRIppumRG4t92mFQfON4g122gqssGv0I//8UcSuc9Y0v+IGiPFyrp71CyM6XcTKGZ6scp1a0/1L7F3EutBfQq9C+ASZWGLlVTC5Gbhj8tzjbc35WZj3oSbdHPZCrXZ43VKJgg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_1a4c67c8a91eb2febbe885ddb0caeada"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_8947a37e152567fe021d470588628b9d"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>DmuOX72hKEdE13ew/xk5q8Zf4IDAVtIm/jqGC2+n9x9n57OMwjy6RRXo2juz8AtIABDZADb3XtxsdHNzni4z564o4hnVoDBU516BydP7e7TkyB6IakhCGl/Pt21p5GA0N4VsbE1+yDESOOpyz/pENdT5E/VZJM+Hex2Ng/JaPhE6yYkMiTIXu/nb0VLxYNnrd/0QCZZmy+uUVyH4fgridgN6aZUmqq8xOXv1xXDrU63sVJcSwMSEnLcmvXp2kJmwC5xnVXcpU0FqRHhIrtjLqNI2OVTH08j76PDcUXU5x+FZkcx3W5z2+zVLx5/FCcecunET9WAYdViUSvDng9bOGQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>vZ3fAwVqHMmd94RtVva+MHtsjg0L4MQQ0P/6wV8Ostk+s0srpafSnfnB8g6oEOxpxkhvR5rs69tkDmbdWTR1ZRmN5goaZRlES5qYqa8SaTELklYr4fZg5bXGWvgg/zFk5pzuODnxH+cZcr93ilJ1hvocI3jPuOe5px2nQ4EipzWpUFvDX9V/xmOqXsXIxWUxedi4B72Y6Q3Y9NxbkJYzMxzqjcsmZA+BQU4dCNZ6Nuzo83hfujRWZfBj2Fx/ARRqbN+XSqpwqmkpsQwPmr67tY2popymJQ1fnk+aCjPTFhplVVeVEGZAkRa+5EGiurSbzTgtVMJGPOkUNDXL5vERwm/z6eMaTAoMe5Lss+uWivLfjAVYtBUz1DiuNNX/g45oe5MfYAss8z8ssrlDIqQRMEmQ/HeyO+1t4YjK+EUmFSam5+mbVvLawHcp9w1Nzz/PyteKIHFY3CN/fpZO5LRoPzHYaHBzEa4pCorlzHdcc5Qg5hO01hStyXiaOLt29YmK7K/L31DT364/whQV/vKHq/hSQl6XGoyzHKBIVc6R9JG1V7oQj7CWmuNbisSmECe1plqPLxpfmhsIKranFllU6p/ltwxOkQl/tYUxv8dwhhK/BE+MLBy9YM3+Dp4JVGjeUWGdp9RYeBY4M9X1UYhelzvzJ1olJh2tMDB9NuvuRJEaTBVOL+mJm3Jcs71Q59webSGaV05eOUH5TFLQzCcBUBp99+GHLmAlwbrhbcJyPWmIlPRBTqKwxtbT8H5LwA31bHE5Z+FjOWdZ1qNhxa+APaaYuxxumiLUyJ5M6m5aaB9UVRb6HfcJ87dtbtI1Oae3t+ghh5IK7XvI5FZW41VCZGNgq+4b27qE56Rf+SIVZDi/hsIeVgRyxKTS7qmiOysKkaqqgBlepVcaVy5XddGp+IT4u8TKQ4Gn9fzUL4OvN4uTPAnOIMiuj7E6H29Q3kDoebaEKIYswZu6prg9nDpTJ8BcQ6RWQBBySW69ATybkEKZZ/1TUe4vPXcjlaklzcSf8KhHLkxg8Jo9CAyjFSxUcBd+YWKhXJZrFZ3jw6NjUDLWvGUGKcXIxmX+E2/AivHyng7Brm8y6jHrAHLxJ4Ij6dBqo2K9F4JGZr5f5XKpad3QaRDsiBZouWvyBKnW6ADXSG1Z5Sp2hEBZjpYBHn/dFUQuK5dmsKnrX3o9V2esv1JEVIE+PY1XzokyeWw6BP8l5Ujatk6GeL3dNr6u+5LNxcRcG0lMLWpCER3kZctFl16JimnchpQyEFlo+iHOobv2h7uAywSp25xvLh24RNLDKWAkGn/m08ttu3cKeP4CmazhCZdY51SWZK7ZvFR/mKSSMdelC9JUjYXs1tsev2x/wfbMvuVd7A+/CYVVKZe+t9101r9OjwLiA7P1mkpR1bueBoOv0ClSDNJRJ6YVb8ad/Q+XDf7Ctov6sqyjbI36lUUt/5jTqzmqN6Ba+3f+oxTMwW83MktMT1Bmo6njId+XLv286MJXqeyAiff+bpiD4x0ogM3YeXlJN695QkzIf/efFc17N/iuw+4O1F+1KSlSoSI9rWi/edQhvjefrB6XRFH9mV83RVdLMJhV1L69VyUGyqdtGU2PSOGsCM3E+XLNcWt7fsstabBiAZB7XLOl7aohLpZmKEYBjm3L7HYan51CPbgsnprKzHu9O7Cp2PrKO1NmYOIQsymeK0ltgkOHGSOujK0JOLAaAg0/cLsvjRxz3F+Pd76VIz28Sveu3hsYcjhR6QBeo3M7RSoyXLVjIfqWwZWAMD+k/axlrDkCm9uhX/HgEasiYJ55hPqnmQkoCey+nwAW1RvZJxiv88xO8vNiBGeKaLvNUcTlfmwt3KQH6LznNvXWikKDDamvRgeUApyNLrsS8xQ9VsBWjv+nRKKY9oTsgUuAP+GPjDX+Xd3OJMjTQd5gcPKHa3O2SMilurykxlx0ThgJeJJ1GUZcYchYAzHtrrNVidCsrItto+3Hf/W4NIC53xbsDH5nw+0bZg00tf6U40C/fDi+zXHyc6zFj0Wl/lcdKmF+EbwNFvqoyqjbp7ey3Z05E46TTd/D5Q3EAC/8W2BvgbKWpaiGC1B6x+2ptYIpnaWAYoHveY2RlYc1fx68fEWsOA47dNtsYKqXtd6mO1Vn7g/p3h/WZ2WJZQUfau32dkYXVnUi9d5m0esw/ejTvLXfyQKtvB2qSDy3tEAcHSYnJyw05MAV3BAdJGEgXM6xRk8R/IP3y/Nr8dozCFTshNcTfbxQmr64npvvmHA+L9rIBVGwCjr0gaQbrKtUmVoIDDBgqO0xAzFTUShrk8FFI+7/KcpWjqWjoZPYG1G4BzGdi5ax1LkilfmqZOvYDcgRA7zDKpgAxfurvHf9LdjJtkhaWFVur7GN92ru4wa7Lx1YQOj3esVg+Hi/TDYRWJEkjQGxVrfP8iztw9LAr4rwjz0sofobXBIuI7lbB5oL5KCVHZ5IcCdfI0blKF1ObC+sBZ1XssfVlqUdGiM1uNIg47yfOwqyxKxTKXElFRUp1/1j+7Gc0+lyEI046EkNzLZYDBn2DEU625Aazbk6UhSmkoXWqT2+7knCh4gfkSvyPzzwAAOr1y3mN7KshyURlXLs4tkdRIhiBDa+CfTQlkC7GK1RVARM4p6myTUaTtW34tIyuQPvzwkmzPXKO+rKBw62HBAmgn20zIDGBw6rCMV4J8GEnitMBsvi2duywqvYW13ouoLBjV5MyEjMe1QXQM52lY5eJPIKn0/II8Dx2FSYI0RAAerPXm0byB+/xdfJ27rt6T73Sb8qkuEo+fYSOkwUxEEeOF1ivHsj7xk2FlUZl6uKiDi80VqLw0GelLTXmHAb9ODXn0BO7z5y4nflEHHfixIIPxU3iavBRXdo2BYR04+bBtvpwvSrlT1v5oA4kcPUu1IJUiTJeDt6XQfIS7QVY5zPwfs12zDeKqAglrr4OhM2255bQ38wDHw9fTza+/luZOJgYltzkPBx8jg8TsksyAQNR/ZCeZxqfQOPLrndZK77EvFTxxEWUutOfDGOga09HvCrxfLLN0d/8gzvCbSX4Z9XtqUMVUqiZV6ll+PfyZtVvO4zIzPh8Ij7tmub6PqedJHvKihudhmleS03JMjBFJdc/OXApjffRwuijoIyPwN8dKgC9ufNsfYzc7/u8+OKDKK/ajA3wrWgE8E24ml+tM2BmS8sVvbAbO9G+RkwG6HFHb44PaEfs7F8vgBAe8lBPBC5Xwn9O8OHqfq6pTSMMvAMYA9Q87YpZfrdaMpmCNFz3l4vHstwNVzHJKccjSHGtVsI8QSWmtfM8iwwQfpIst30gJV4NX2eOVsi0rq0CN0lqm1vjuC8RCLclpPjOlEUnfKYmCNMdaZ65ojIc7XT2ZlFIx/X2m1QWIiUgl2zae2DqojHRl/ktk+b29e5OpE4vU+uIDdLwac+UJekZ3LHKalkqi0FJxdxPiRH+ERwfUgSf19CivR3oMEGUE9Ida7MYNnLsZEJlZVjyNNxb/RLRm79ns2kAnn9wn60o49t6c+JV7iM4nWfGlqdflAEnJOFDStmm3kLY2tQ6XEzDW6WshnzjwHrjKxUwMMGIsWNNEQeVa7gdjXhRqM9+A9G70LTb7O6p8b+HCXKhlyMwd/rKqnF12MLziF+kV49ai/1aWp+xPADiITTXtHBheKOkGFiJZopVuWIx+zIBoBZQxU2qbev3uPTrGuAWwyXGlkbO+TlM8rTSQcluExyeqIkNmmVaNA/uue2fFNnmAp5wlKO/8q955kKGWitR0/T95f21nFFLR+GTk3gHwz5E8puGDe1HH5x5ebM6sJJKFPXD5E+O6ERw0o+FTMJ5xE7KD+47WXn3A6XDjySkGtw85QzAUaoiJXUpaRMD552QBvYlt9jml41u2CpVx/Mfp4pyP0VXoSLjkgqdWq+lXAd1ob8AXWPcCuW4/TxUzJsqZ6LCQeo81emo6P1G0rHvc1f1iP6XDqOZqZLp4TxyFWXBEFaNYUk0XwHvVxkVbTkgqoUVVY+G98dh2cU7BNCtmq2Bh8LA4D0svaN1fI4c4h1EcL7uje+EecSPtyAotMKTU07SBhPZ9Jb+cZ57SlqVjQN/UE8WByjgj2OKDIy7Lh9tivJkNKZBkxXuOdJHNebpLrZ+WL8yLq7BfXq9rW/5Zc0VNCnUQI4Fcb5NUYm7SaTcKNmC+OVCaKGlp/hnS3e+tDG/EJlszm3PONsOFgad863x7AWRw17sy3JRET23wULa5Q2yvVBrTf+EQ6slHCZCy9OqntIF/ri813yD5rYdO4FzpLsEqwT6pwisdcK19tWMppxm3kIRTjETMY/JGiQ+7G2B6/VUaMehKVar5PFprY6F9pXqJ0TFg2tfR2wpd1tcJBR5QWe4m1fhU3ssn3K9g3VmkeeEr2IbrC0qsNqHyAOdY+8om71FrYpr+wR2KuC5HfxEbK2t50XH12wnTbtQEPqStQM+nwZ9fMe3j81UuPqBzhrXme4+WFeLsRm4XGWywF2mKIS4YRueKr6ymPtwlBq+i3tn3cF6JunoqR4PSM93iFVZRerMGADsQzgf+cya26GBsfHlE7xyknDtgv0denzK2+XBfa2R+6CJdQCLD7jmvAqzqIZT/VRgT1qm+YxxKE7St9IcOoT/IlZdgANvm4gqD2VzORC31orUZzJA9VaI8RLOq3M9EUeLjapsZ9PuXKMCmNHjEW/j9xgjw0kJBi/+ZPffAREDqE/glZcdoqf6txJXpnSqQoqRU5JLFV7INM8NWI2mGq6pKVoAREVaZg8sV0o3KlhJow735cLHP33J9Br2Efvc42S7yH1p7qXmVm6+IF5l8IITgiiLbspdDXY2cS0gmwCVa/5ACIQQKTZOxgDYUzptafhi0pneQEmFbRzD1wTiLT3PH2juiTknBGOSb6eVXGXIK6V9qIzVT82WYToadwvczKJuwRlh/xl3OSo1X6PmfmgfPx1B1gDsh0uNRt3le92P2gwI9Ci6uHnj91AbJa0hCkNNSgSfFcZnkGtpgfZKqmwUr1jGnPSbGXpzUGAmWEHqpfmU6VX34iftKNccF22nOFyvwyJmFqAUHxg4kHv+3IdgBWHQVAuA2Uc/OpsdnIUpRYQfVkz3skFb1yd7dRFxwyFad6jEhBnEOUR8jYKJEYgICixKK/+XYKG5KpikJRE2xZCnksykhpZT7Va7/CMTFlHiuhJxaXGQDCSwsfs69g2QW3yIZQytC+D7Nm3lCZEEYODV5HtROYWuKfoEsP+cYGBEKUQgHxsE1AgThOrD3MfiTS/pQUdpwCq48fy9/3Ywt5joZodkG+zHss+IzUTctL82AEgudzvaTTKIj7OmCq4pwA/irkFE+JAHnve5gkZUaPBcqQzUf8bRrYJI0CW1HcOudg+o7OdhJwakIylApDYkkFgmmnUVSukVqAYciY5OpM2j5a6Rs56c38NSsIdBFD6bIMqpPsvdXZmQHvRoHlIbsGDwwKTOsaY10399OVBqhaMd1F05QyQM9wHsq/lnkWYDFnfM5cha+vRmqrVAgOQAlKB4ctRNZQoBKre2IR9YMLfzhnDJ62kSZ9Z+uEQKyKPNqBgOHiEra/6UMqzjWqPkM51eEMFnEvvEB8/S0FhjQVR4a4WSsMGEeyXXfQjMkNh1DqJZzf7Q3m5WLO86k1hg5jS1ULllvQ4Z2NkSXhBfTLyFQrgMJtGiVkld1mWCaqUa+wpSfNUiLB9ZpxKOq0uTsdy9me7RWNmmRwd/XaxiZArc5HYBLgnHNrdieil8ErnQJj+A1ELL2sPDafKZr6tZIlQ4ji8BtABxUDW8zU6tMTaP6bq1QU76dPVHPRWyeUyNauBIiVVpVyt3DaK2dIb0enuzWNWeSeB7mT3pO0a/eS4pLvdJqrpHmkGuowJ7vmZrN6TXc22qW5aA+4rELtkew2XnXpk4i9XsUQuKncDFJOZpG/TyItVod2/Y5c3kyuUMqO+qlavBMOh8kOrHYHGmAp+n8jHvazw/4V1IO0+bquapeYuolDs0eRnnyISg+nI0f2j1PfEL1oUZo/5jvb6CKk5rr9CNaXeAh6yCDdnyg5IdE7f98x3EosybkKSwu9EC20UnF8OwHSur+DjZgtdklBVD8wtF7SYybRaSULoaCJyyZWOrwCKH/AvYPcKjNRUNqkqAWv7YhcSwRrAFUouw4j9q1GNqY+m91gRgFngWmP3hnRAfy5qOnU0MKC+1T8SSp447WgOKPoTR39TGiMTJbOMFWZTBX1nSGj3MI0e5qz+Qrmp2hC3+z4EC3XGuuvR7Tn4rnHgCkUhRWPausE/bFnNdtM2jpxJLb17IaRE6VHQoFxzAiLkUw9JCDugdbk/qBTxGgeosigiCBptWjZ9RGG/CyZ02CF44st3sVsBtNgIW2NF1sauypzdJFGI8NhyCNbfGl0gaLHh4M59HFpeAPVosE3XgeVHlz+LwV8B0vx6TYJiMUBa2GYsnB5YhojUt6jyj7VZOexS/qL1nV69UrYNYtRXHWWVMLUbCleW0rI/UpX/lol1XKYQFDdUN6qEHZRGuNQiWvbo4wfBaMNFYaCTWWBu+3v46NyCcBxtAtNFf/SXkBdXLdbeLNMpPUowrWsRiiStzPBtVUD/Iv6Fro+djq1ZouL8FdPuDWrB4t/4IAmxjQgjagXMcmgLy9bV4t3xytpF/WlQEoul0coum3g94hipfZEsHdrA4uHhCO+pmiFT23g0EKQ5i8PlQYDuwnmmPG9bGdy1hinFjBdMkV3FERPTZmD7WaPVoX7WXx9Jl8z3GJB1qI94v4GWlhod20rgjHWoRq/vISPDPcWq/p+m+nrcwJ0yjJ0u277CftPNPWu9Ec4Cfp6u+YrUM8aaai+zFrVxgT/GKkekw4Q04EltRh6NUqpigUYa4K1c4OhKmC7sehGhvXgbRGifdlS2NARuS76PgC+TNOR3lWMywZC8sq/LWhqg41BFda4q6eawk4AuDRtTLXwJ2nO+0/sglEwI1Whlwc+jlU+yt9v69h2QYh5zRd9eYpDO/DsUxlt0nwudKThJVYA+GmzhrXzTGA5ujcit5DZX2ZdUfpI1u6mn0FNefAb3osMBPFB4uGYqkxaXNteQmRCroIp53G9/64bIfWhzxH1Mn2ypf+FypQ7crBg02ebYKcYFJMb6gRadAE7KSz3s+7aO+WyACNngkSYGmPmR2xNGZVzc9dd0t9o6Y/oWH4IfvQO3O7DArxS2l2SQ9LhSDfGPWqCgNT9Gc32fc/n7MK0OcBzueHENpp2xsUJPD/GUGA8oNOo74D03uPSOz1OQNvrosadjlnnXNtzGQF45A1NwiHjEr2TommG6lmXTavDQyr146/kmLC1r5EXAiQn/dsVBq6vGMm2/XAKf+g2Sfw92lQTZ7+Tm+kOzzucICVF9rUYSISuWusPD6p2+cLfx95MWIGdkN8X9CWwMn3fccfQKkdGhsreMcoTrX/MpiAyPCDMyUVkDKZ5jd6GlNa2T1Grdhix+tb/5OAiwkc4LLPYQ80ju32AfC41T6hhboPVR8/RCYUKB+jp9sA3ud+c0nWvHMBiO73xyeSbkzqj5Udd0uUgTI0A5XsWIQy2f8SghKi+cKXkdwtVCFjrIiTrUL36JMtg2prXLTQrd58vnjxMh4NucZcq6Qcjf3XFq3Mih9MrqRK1qOZZrMMU5WSBeBdDAMXKDyZipT9qNLO3Qs3zQNocSpfyYXlgVYwe7QsJoDXrMZv3EPeUULJJn7A3RTHPyUZga0coZztBCSCmnr/KksYTou2OzzSc5OxZy3Onm9bkhUyhkX1vLipBBj/j0hDLNin4oyesP7NsHruzvAqqThZrXtEKsJGVWzdhbznn5B6xBlXIgA2lDU6ftyyzQssgmZBlnxDIS8HxF5AnpxjA7yRTVE2xxSinGD5mThK096DcopV31FwGArMSB46v2+fUSaqzWpbrC7AX4q7jfw1ne+JLUnfBJvbHKpOpuXOE/GEr7AA8qvTXl8CUoycTEuYknT8eVR7zxn6dFhU3Mxnt1+AHts3RVJRzN4bV01POajI0tli+I8KUSkXh1YLrc91DJxqgWdP2CE9jretk3tEPQ1SMdGC/t18yzVGNoysqajNkJYNgxuHvkbhvCdkP01v6ryyPUKvj8HdE6LoGu7omfBwkYYWuE1AZBUybEkP+FD8rVOr4pEhvy8N+Fx9z+gJOpNI7NnIg3L0e+5I+r5O3Q8tOcxYbdYh7PXUTeF7Evo2T/it8UVxBcQedtB1vHpYWXxlN3IqZ6ejVfCvr6zcfYQDhnPgbSA0pKh0s=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:43,423 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:43,423 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110143Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQfaba668-a365-48aa-bc93-6113d9a186cf|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_a83af966dea5f0dc516500d735ba7906|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0bQNxFMW1sqGAPO74CAlx+VYPlaaWT3glxmpGpPQOyzhtOuovdmfScoMAC8YKgA9RwdNooc/kivRrQh2/q3nD9v2i6Fp70YS0R8uQeCcuxc95FoQyUp1K1yWE+A=|_2c962719c4429c08079bf20a7e409710|
2021-09-21 11:01:43,770 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:43,770 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:43,772 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:43,772 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
    IsPassive="false" IssueInstant="2021-09-21T11:01:44.446Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>qYrESgWSUfpnlmGPH8II6tNd6cn19Nfi+R4ViDSDFzM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
m1V/5hB7xlP+YxkoOgTVCg8W4Kzp6zDrhnc3KMH3x82aTeMj9+8f4UngjchbRBl7ZjQ9E2+WxSyc&#xd;
89YJCVZqzWTkNabf1GGUzP6vfEqEHni976v7Ofxh0VD+we/1Mfn56CcElH7UhxRVLagoYPZ0jKTC&#xd;
m+jL4FaQn86LEvXzYLFkHqjnTqocmMetNwIEbLI51ZwtcV/ux00Uz6g9Qt6kmTTIHwS7PoDtsYSH&#xd;
hcA/R8DGeJ3XrnxFuFRoicTCQBlaq9BV2t7FV1jXrW29rLI13oX373BbCMUxZuzP/OHm09BYP4CV&#xd;
c+3t6F8u0bSB0uqN9ePoX77HvfmFkj45KSB19Q==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:43,774 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:43,774 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:43,776 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8', issue instant '2021-09-21T11:01:44.446Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:43,776 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
2021-09-21 11:01:43,777 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:43,777 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:43,777 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:43,778 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:43,778 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:43,778 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,782 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:43,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:43,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:43,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:43,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:43,782 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:43,782 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:43,782 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,782 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:43,782 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:43,785 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:43,786 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:43.786Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:43,786 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:43,788 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:43,788 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,789 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:43.789Z
2021-09-21 11:01:43,790 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,791 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,793 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:43,796 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:43,799 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,799 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:43,799 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@39584836'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,800 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:43,801 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:43,801 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:43,801 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@39584836'
2021-09-21 11:01:43,801 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:43,801 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:43,804 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:43,805 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _017b1213ad978ab589c933dbbaa58e23
2021-09-21 11:01:43,805 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _017b1213ad978ab589c933dbbaa58e23 to Response _2b23523cbb40d2f12c10fffd8abf63d9
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _017b1213ad978ab589c933dbbaa58e23
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:43,805 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:43,810 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:43,810 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,810 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxG2aVgkrRirsvf9cITRnum3oJFCk5sT92M+dnKv1g1K0q4H19ULHvfVpmLA3QxGEmtViYT20HB1vKFgHJramtFwbF/G0GFaCfWjtoiAFw8eoIcZQPFXpwVitPp4U= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:43,811 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _017b1213ad978ab589c933dbbaa58e23
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _017b1213ad978ab589c933dbbaa58e23 did not already contain Conditions, one was added
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:43.801Z, to Assertion _017b1213ad978ab589c933dbbaa58e23
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _017b1213ad978ab589c933dbbaa58e23 already contained Conditions, nothing was done
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _017b1213ad978ab589c933dbbaa58e23 already contained Conditions, nothing was done
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:43,812 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _017b1213ad978ab589c933dbbaa58e23
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx0bQNxFMW1sqGAPO74CAlx+VYPlaaWT3glxmpGpPQOyzhtOuovdmfScoMAC8YKgA9RwdNooc/kivRrQh2/q3nD9v2i6Fp70YS0R8uQeCcuxc95FoQyUp1K1yWE+A=
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxG2aVgkrRirsvf9cITRnum3oJFCk5sT92M+dnKv1g1K0q4H19ULHvfVpmLA3QxGEmtViYT20HB1vKFgHJramtFwbF/G0GFaCfWjtoiAFw8eoIcZQPFXpwVitPp4U=
2021-09-21 11:01:43,813 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:43,816 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:43,816 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:43,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_017b1213ad978ab589c933dbbaa58e23"
2021-09-21 11:01:43,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _017b1213ad978ab589c933dbbaa58e23 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_017b1213ad978ab589c933dbbaa58e23"
2021-09-21 11:01:43,817 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _017b1213ad978ab589c933dbbaa58e23 and Element was [saml2:Assertion: null]
2021-09-21 11:01:43,819 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_2b23523cbb40d2f12c10fffd8abf63d9"
    InResponseTo="ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
    IssueInstant="2021-09-21T11:01:43.801Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_017b1213ad978ab589c933dbbaa58e23"
        IssueInstant="2021-09-21T11:01:43.801Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_017b1213ad978ab589c933dbbaa58e23">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>xrMzBGYxH2g4oiU+O7vlbtzt4+nH926zOVVU3t26y7U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>cLukBWEJOlkQhvzvT6daSXAJuW5UXiyj7VInADYavFy16zYcnPqGT1EHCU2IJOvkPrSEURpGFfzeC8UcSbZ4srcObS9sQ8kzVxNXC4LjaV4/7JCHAaESA3rXvJfcBpErwxXyvsz7H4D/yVnfShx/1vFqfxMGcTQ3FculX1BWPlRdbuybvAx1lotTPFPQ4pLZWMRDSMZ/05xWmFsAc5282DQdP4LMXvRvqUS9N2bSAh60C1e/8+9ilvqusLR9nSR5ei9Tymr3Fslh8WXVRQdnBeV3Y0SRPLiIiQTbUQVaLg0aRm/jZtgpnnJCndvlpWrMaX+OnfusptAGqxDEW5nVKA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxG2aVgkrRirsvf9cITRnum3oJFCk5sT92M+dnKv1g1K0q4H19ULHvfVpmLA3QxGEmtViYT20HB1vKFgHJramtFwbF/G0GFaCfWjtoiAFw8eoIcZQPFXpwVitPp4U=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
                    NotOnOrAfter="2021-09-21T11:06:43.811Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:43.801Z" NotOnOrAfter="2021-09-21T11:06:43.801Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_f12117ecd193b9bcd884b92ca7fde4a6">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:43,839 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,839 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:43,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2b23523cbb40d2f12c10fffd8abf63d9"
2021-09-21 11:01:43,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2b23523cbb40d2f12c10fffd8abf63d9 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2b23523cbb40d2f12c10fffd8abf63d9"
2021-09-21 11:01:43,839 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2b23523cbb40d2f12c10fffd8abf63d9 and Element was [saml2p:Response: null]
2021-09-21 11:01:43,841 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:43,841 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:43,841 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:43,847 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_2b23523cbb40d2f12c10fffd8abf63d9"
    InResponseTo="ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8"
    IssueInstant="2021-09-21T11:01:43.801Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2b23523cbb40d2f12c10fffd8abf63d9">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Uk+vrexy7NDNlZdpuh1cYughCz8eWlTNVzEIbr3Gq9o=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>Gae84Xs0IgE38S/KfB63mukVQ53edS2EH/EN1C4vWn6RSx8rePbGrDDbxzrxZhA7JxIlcz3vcXC9Pewic3edzrHzHQyQ3oRY2LNNYHhr/38+fQ7i22BQS7v1emUAVZ/AbJUWt/TFeGj15rtAX8ms8P9eWhkREDVqQGgDmZUC7txpWO2rRa7kMVw7i3LVznvG+TVMoiItavkkkqRrrUHp35qzH6jGN4SmjEQgrbeVhkQmRQxnqmrU+yGJPiyKmov3mS+RXjuCh4VQyvAsMJ413HOkzyVUdqWmF7ZC73vuE9qS/YceV7ywLYG/r8W6dU9l6Lvwi+qq5mMVDLsNXobO5g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_29c87569209b2de8a7315252bb46b1e6"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_fdeaba821cfedbdb2225151880956f71"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>kNFYtgPH8Sekh3lM409GWBxg9K6NFLK/yLgzLcwhLugfkgZtC9tNj4cboFUmLd0neHNyS35d56+fFvi/DXjPBboZOQ1NfRGHuytTm3CLMJBMvO0Xf+aGkQwWffNGbej94Fjfxn/nuFiQx3SrUzMel8tA6cuoE8/sUzQHBAajZBy/wu6Nvn2bEoqxUQ2uxO320CjsD8kzQbf8ZBivOl9gYt6Af+g3A0jFseBrXFnxvch8cWZJF+25xYo2BcM1nwm8nvsEYzNDSEvnDdJhcLTWhX8T4y/Cl45PEO7eOZG+svrlOUn1EkYr3DRAvYrU72aHM/UW8h/9GKYWFT26BDP04Q==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>hwZFjXYBjKVeTw2gFgzf6LPXVbtbuDC+n636mi8liSCJvI+1IJ2XTsv+VDegaktClxPNz3RHQIjf/wKwi2T9a1c2iVsBDqWGdI/N8XRzkpCvE88br/OhcxBSr1OReEYaVCqWxlI8H4xS/ncjn0I1dNkSwAaZjGzkPpSRf4axgBjlrWeqLAgcdyAQ9GhEl9YQ/fCZVJsTdAIAXoDteautHVQoWrBrgySsy7GQFW2vaYjfkERjT9DYhyhWRgbasitlUIOVBR66uuLYktMNidQwr9uwXQi/9VuDjADQPmBJBD0wPngXVAhBCR6xR1wlV6jnZ4SZzI1m+/U13zEyuJbAMuVUwPjaKS442bcjWMj5rVj0c33sCz3+QkzxGe870H+9R4njj8t0u88XEmT/RVpHe/3tCghEmFGsGGdQOwAZ4dREzo+W/Y1CUZA3eUksumOYbBYig935x58vbwI+o3skFQ5UXriLZprhF8MMyDJ0aeLPukfF203mVTUluFZwhU+4onp8ndD4ukkDZm7U+oTBrnWkFnmfwV7UJBESK03YuAj1yGbxqzmpJ1+Uy7qqIhcOh2amBQEx6XcsvF4rYJSBRY65iMENRkZDzmrQ2kYfKzWTJkfn54XuR+VqiFwnFTnsLHbog4hH3n6kdOM4NkSkITL/cY5nneQDYN6PGbq7e7awXbyOGVG2TnZ7CVcKWRzfW5o4Chv/iEcXfNSoK/OvigcXHlfl+PlsQ7UjXDqJfeSF+8xBvt2wbP7BxJNpkdps32fID6XDAPONEqbby4HFuowmMr3E4SW8WgbZMFxKQGlnzXZ6VI9LkrOnAFFfX6g1MkNiMtr3sbOmKS77Nis58Nq+DyV5TPJ+35rEn10MhkgSQLylcz06IJbCTC7Qfj4bSR7zXHsLogl85vVRJTs1k314yWYu+B4vY+boM4e7u2W4lpzov9S3j/aZ3eVSj3S6s3kA0lmQbrO4hY0J0FfHB6K5UEu/Tmn/cTi+JEuTm5dlehyuy8maGtEGzrpSFzu5IbHbsuNDej2Bk7AB/i/4UAW9QEaVPjYXM7d2IKWaxNOxcgRQ8c+jh7j0pC0opETcq81BHOdDGvKf02xK2D/CkOC5LOvKx/bbMMB/DZ8b82WfCB/Abla7UVl86/BCf66Bpp7ULbUodpEBkGu2PfBcwUQbQQDA8jKpOpJ58enGHLgLxNFUuy5vI+Sk4UnFP1+aCMUqWVxbOj6K6M03Ju4Xaf95UYbR6GQhGvsvXotKSnFVr9lcqmhlMQjgbZfCMLzAihGtmv4KCj0jlKnAVJ6R22Cvdri9Nq1jJDIhiImtvPuhi9imU8JDXkPC5UwqgUz3Z7UGOSkhOW51HVhgrbxgkHRycjafccqHDc3vcewDOAdWuTxc+uj9eL8lPkg96p1yoiSTBn/B98Q82mL5gDIW2qTMX7htYC4FKzyllwrsowA0LglN7ZTbMvgEFtxORwK2p7QgzQdMRlQZt9413snrw2bhFowQmgYnXJJvwPpZ5De78NkCugQzTVjc8Xzu/I9dIgj32z4x4GK3WY1+LXib3R0A3MR165C18pRhMZvogA22aSuxRq03IfJQblGryxaJYfwISB4VtndYRXaK2pmWnLU2zn1wzumquSbxA9R/9FllKpOaWuTK5iv0+3uyfhazPwYEFDi3Mw1rW2k/hU2aRzma/r5gD4JJHeVwAbT2i/fgIbORkkf0haR7hZ6mJ/cPwfAnYAG1BJYzXADump8/u43Lp68AJJhThTCLi02k4gmxbENRqJAs0OtCO196U4RFBpajTYf21wbk1tLYRIkAMTZJlAHzMr3mx0RcMcj61fEibKGDW2ogh8JI1AkuCcwA+S3ndhFU93f4aPDOHEtUut4pyijyjM5BbSJxf2zstqBZ0LSVR7Xrv/tpTO8ID+iLgUitFcp6qKMosxmrNA0QnLsgI1Dxyb4eKTJsFsoPK+GhiDiTavAIsLrMa9/3AEmn/8HY2RcMLCEhvCLK+INrNfgNcsOmELPCWhVPAYLenPLTLDIflHFDCkCsBQr9ZFy5tHbChMbxSFGUBQZ8MJkREVs7qly/NXyO91+o+37izVHxRptXekM607+23Iw9V0an/tynPde9h0/JXk9HM7BCLlp/hP//d0c3ypbhkh6YSMD74YcrLJU4mvcxb1U4fusYuu13aUb65Iyxus5UzPQ7HFfZnGO4v5x7AUTv53K3bqQbvF0lOVUr/uQtDhvl9Fj8FoNdIvr4AYBOKgrmTsE9eQbdfx1Iwo0WfPLcx3cxPag7dvCUVdC9O+bJX3sv560I90fwAHszv8vuW8IRjrPCon8gW9XFN3kxwvRprqJ22kLikuoXAOD/qAPS6HTMUFueFS8MgJ3qpgRcfsVniNKLNUMdN3o5eJqPQrKS/G1dB3a9+vJHs2BhWgJtWTj2dIvOWGaj4ETWoEEDxRZpUy2NaKICbTGfgs8JfN9BcqFEoVhs2aPo1ThKBX2E2y8AzL80jw/vuFRpBeRmHXczDmB5qPob/tshN5lV4ZUYMaucMv6VAZZ+I6kYELYz6Yq31HzYwdMK/ltZNi9vq8TBbXIzN/WfkW/0+uMhEP3ZydbbSrBzU2YI640/OXlB8Ga6pAiHXDRTh/0F6ExUmWV1WJle0xhQPTLtMi7uEDmxV7cM9Cnkm+uc0B86nTH8x+9TGv5B1Zsdya5GF/UXdK0CIRdPJFNCEpFz6kcXuKX+JyBHK892muGWrMWMtUBA2Yc00LEFFj/LfmKr18LqouA9r4K2g24lt0/HndkR0KOlROW3MlnrzF8H8DjWK3qLuzdLylKsaru1djIDTpFUWvKZp+AGn6OV1cLrgmBFiATW0MFXLLVeeCmFOQ4fYbBSUjtIkwEMEsbUe2QFp+qgxaFFBUhffebmNF1W8Rj45X4GOUyQtQRQRccrpqUc3pTG+Vm0m3SffSYVJOxqcbX00sNNlC1Xlj/n8tmYWOAOR3Qt+zSFWbfG1I20hXioFbnsbXBH231KUyiS1v73PxnNRwr52Az1/7mCvbSVFk66DMrwPpOqpfU/i+d2UUfkf4jNOWr/uVU+a3/xth6WQQxvuvn0iCw6bCYuPot9Km9OXgGvgp0sVy2zgmcjZI97uuMgAuIiBSgSMF9k/w+iBEEvk7TDGRIy7oIHdYPNkp5gMd2kJJXAOmxPK7PihbfadKg2NfIzkwESwpCMW2Ds71m10dZ6/6+n6UmQIbB6SZTlUThXKwUNOlxmVqp0tvXKosnlifmzHYVJvAr8sEm4EqsbF3cQeDbZpUv9sf9POHeAav+DizpjTHAmshALsr2jn2KgBYMRA8tgzP4U2U04TR4e71fKAQ85Cnzu5zrzlhj1y3gqczsXDoq03zs593MwSNESxpWAcJWk0VP532JsVy1THO2ZYOCP5CKYumz0Zb1WVMGXpnEavoVfdzY1ODUmI4fCioYOZ2fDW72GybWzo5o4FwkIU4gjDd7kGI1nFvgAutqPYN2Z+SYBeem78nXx3GVlAyzmJGashbNHSXthgPBXfeFaozfJIi8NXixDvK98YVBfgxF9KzZQUqyeWRrLP6VS9dDNfvtZk+sUmt6dEfJgGvx/5LC4nPqomS67Epmu3vusZwH+bQXdCLs498BXOSDwPJfwNQzlSjMhIaJlDYzJh8JHtta+VtbHlMKg1rw6Bsi4OiYxDJ3GCkHAajQjy0MPzN/NYJfz39yhdtWuZxbuMj5grYCudb1rFOJW01x2+kwd3ZjOO6h62OIQ/D73r7pPMxvOcy0VjfQXVwuOoY++yZTnkc0v55ExJdktGKqjCe41t+R90cPZTXx5AoN0j5+Cg7a6GxGR0OQqB2HaBT8sIwoGTdGs1LnsuUvz/B7zgsx4XgJaFWkFvcO2EB6Kx+3UoREYAGcElDXyJ0pcB9uPUX5wwqdPoBJ6yqaUybV8LfOIG6Is6FsPYD4TyEEeN6e17QwrVNVeBOZ3uRck9Mw6zijkFZNvgAj6eb4CxXdpdfCVFjt0qVCsm2QN8IxRmCLxVPPI072Xf0g3tsJG3lOBj0WEmGk8reU6NHSFrbfMW7b0ctqHVsP0rAibxk3wc6hQcuhNTvjMZiA1qY93KYpSZUFjvd9wHS5Xt7cX7OXKbcTaEcrzNJ3NYDztjL8W1cTI+yZZjxYLQHz3Td3XlL4gau9opkyK+X5XE9grw8R5acYVXmywhj1H8gcEBpXm76/4PQbIlrbQsbwk1GmXzNktqXLdrViqJLulXiBZa70PncFyGVUBa+thLck1ZOX2c/2pL/InFG5CzWk7njwuhaWZpAVLqgKOToUg4+bzqdnfXyLFvQjvxo5uOZWEhFXKumPuGwt31AZDRbm46/kL2AM0DTXXH0UxKu6Q01UHreNix9OtgfAVpnNFRN/TzUJ/823k67rmLIq63k7DLklPJdU0XBk44ckKB46HW+UDONCPeDYKF//v/YlUGdh85vmm0bhJoNa+7JZSOXrMmg3GudUe2OqwTBt4aOC54KNpkLFfbcnpc6r/hcIFOiaQ6npwZ8g/JMhNItWHc8y6A1K5qonU3dfwZgU1R7vanI0Cu5CTgUcZl1Nbf6mMrPZzdntvM0BbPBj5gwFPAQbbgq32HrvR7hSC3TEzof+5Eu1ZJfTesEFZrMneoV9Oy2golVEyjjZ3ptoXeH4/8MNEe6x7lj3Fjqwja6nF/8+/5v5fIozYZJn2w5xmLKGSlbXUpLQdMgS1a7V3ohfE6YDQGhmrmZ6e/EH81oIe3Xt1+Kv2RMaKWH6oCY0HUFxLV9DQFnT3d6IzV0tQaZURmIVskjZUMsx7eFg0EfBo2DFnWQf0S8vG/Kae9NTyLDH3Gf/FGgjC0JQhKgFlFcFWsciOjoVC3NC8caR5FcI3UG/8zjyHzorFifybXWdjjvnDc0pj+EqKWBl02aTA1rdnrHVbKZP7hoCKM00WLr7NXijNkCrqAd+W2jBfpj8Frt5ucnmLRgKmganmc2PYa9DE3DYWIcoJ8R8Wj4VTt5XGznO6srxmwrWBdUDVem6pDOxKPyxCUmI41OcGSDbFi9jQ6tM6HbT3HpUhoM5rbxa7xv8BOH8k2jPEqbGoFrDzyF8+SRHDzQwm++NM3Sg1z/Qr7D1DgcDpbzOX/KaEBwsopdUoOfMbhdNKbTFZrWkq97QiqHPRYhFLcaQLhUm/0og4XgpHFGzFhn6hXjCI9w8pxK03QtIvRoPu+OsKN3iAKFS5VSXD9CWevQFDKfHqaKgaa6mLRaRakHgXcf5z413gjgHp5JADNoNfo4CVp09+xWjuRCsM3JtKWiG55jV3P9o+GN8W7DIsMWuvE1ZJurczvomvn1q8WzrU6878oDTg89hdnRY6ifeOD6uZmQhkWrtY7tJNXe2mLdo2INmVBZIaIh+Fhjpu1bbyB8VBNnmxyJ5VGtGzqbFPJfKkPI3xhNA/Q6bE8zjSuOxB3WNsy3jXyoNDt3qDYVhgAM13CJulN8UnZJ4ppjqGqtEZQv2ozB+QeDh9KoOAP8J63bJ0o537eoS5s2ASZiI61AdWDG5DE1OowpAr5e92JOpwM1+En7GVzUKwWuxG2jSaPFYO9lrQMJ8KXQAOgDz5vwa33RxuNL3WjhIx3+F5V4kpYbinEXq3X2Ig8ZX+CQyoQWs21YAyM2LC8ZRoSf9x/XmS8z30rb4MxmI93pijGp4wEaHr0dMNzYFxEKu0f/eOJeTWvPNCl9DkX0YFrRORT1LArCUAAg+MR1vqheGT3GvPRQVw2T1M2+8xXy6qes7CYqrUfoo6ZwjVteisjx+lXvL98BAJTGfPVWA8SP0Ey13MoE/DMQtfYgzwXx4bRDbNqGtrUKHPb8D7wQW6ufd48ui4J3nfLNR7YNl1dLVTX9yTP3iw+jeW8+z0DnkoD8pXcdP1s9SalK2gA5uDE0/dDkr38NeNi2/TXtq0KrpWb6O3ZqhHTbB/qicVqKDEMIt3ZxymAIC4qAOa4SgtHW0QA3RJyYPvtVza2IDK5EINjW4GP8q01lHzZAqqpRNhHvSe4SjbCscsUhNgGCg0DmkC/bBbVVeydSFkvmdc5VIZv3jXC5fhYga2lGbOEJjpxJlL7wzrkd1lDnPx3UAlNAwj6oCH7Zh/mF8Fw0csgrIyYG5invkWndssViNxR7D2eG8N5pxW88oQ09leaXAmxaNoehVqP6akV8KqECyAN7VxNz8Qr3JbjeIPxw2gUVt+bCitHRc4IRzzI7s56H/uPSiSp11GshYLBz/ev42KM9mGcfUSttwbIpBrnHJyvfUnHKyk6648DwcNmAFvNTgv3rBo98lrvIgHtbQY8gJ8Eq9aTofKMQFtjhHz7VfBDIgOGshsZ7BSRLNht3kAljauuwQ0GqTpwGHGF9IijUIyblwS3SK1DmDlOnmwxrYSvud7uT45SbEvR8PjYVID07DPJSvMtPr1xGKCODsWmK3ZpPym1uK/dEtWJbvLXT6Q3pcTVq5hRiVKx2jCJ41q/xx8gkWnK3mBx+xDM+RsXk/3Z7xUkgcveRnTg06vIkjyeToKSlS8A70UQJGkrL8NaSVud+hCgaLJiL95awVuoXNuWbHp2BGxbYtNsBNqwWKziLWPODl+Mx6M1kNBj+bSeBlYgX15o0BsSo7WLxpT0sKt1rL4+hvHoxFcvIiecDA8SC/LJ9yMWzNhad6ajDQHHk4uUeHnbJXVjh8XBmnBXEjPY1BNDAoT6cFw7WrgeT5r4uB57ZTIe/785d1TEw5oT2/TxfiMuSD655JM60JRb7nnqT43u/jJigIGe0EkoWPCq/w1okqk2cioffNJLvTWTw21Yb+2J8qwatE0JZvY9jGvtgFftzwbBrGVKXFIS8jDEl6CBdworKiz1KwndrahWWvc7WVjmxYi4t7CSsUpoE6/nLR4XKXkEuYHJw5YEPcmd0jY3N423t1R259YqGv5+TasuIF/KGfidQe9Bl10Th84d1BSPKSZ0UadDAg+Q5yJ/Aj9yx5kiavAaakod3WOJBvSUke9jN4j7i+HaY9KYXQszf6Wlm36CTh0FrfovjNwzZs+N8Fq/TumI51FLm3DDi5DYCjq3erDNpCmnY9QgVoC+4Z68oZ/+3mVRN1ayXFINFa6vs/gKgHlP/gaa4Tiksr2C0V3QAzmDrbDDJzRvHGyzoHehxS4g0K25ISeBnHI0UvpVU+/ePEivFc2azKTHq6+DjHRXZ1s4vkoAQkx/dk00ETfJasXZbxCEr3WwFJ2qkr4fe9mg+y+9eMlpcndIBfmXqJWMGNBOM2YuYCBAVlA8keQSX2AzKTv6SF1HaC80zs0cOY7NHrJQrK3E+7sQPJLYURr3fuyg7I5FShwY7AAkyrn3Vin+oYzLZJvv1wnOxWg9APe8X2DqVIhvzLkPt9HPErHRMQWg3Nn/xjMszkQsC9kHsa2WutnMypEuH3f04hnyIV6x0DOx+8JaUPAk+gB+fsCYUT5FC73aCOOlzBK31NG9hC1g9weNJyJ70hbVv14vAF1rtxFWC19pH1jEYV74gyXVcQtj4LNUVk8nzhDMAG1iAcQ0AVHQJ+i6FdFIi6EZIgRnxA3ZLwgu3kulknKxI33qkD/ajYdYchtLKOZ7UpeEeJB9R4StOGBUcwB1v1NAtt0r4lKxEHxE+39WiysseiYQxnD/8M8/iJSx+71B0qBLEel1xEJIMgN7g72aiHsRLBATBCc+wYyTmKI/XlWVbA3NUeGfLxMgqqXIO3nE88+zWNvjK2bEA3jcfc9wGbn01AGQmUll8YtQJZtuz2+ovB5TxPOBL45DYmWmX6VPFHxIthUTl6m/yNLEsVkGcCvnDwXZAnLNaTLsFQ8/JO0ln2Wpn/TQEsU01K5ZaouGaTwhsitMzO5Iyrw+joakqAhM74tEI78Lk5iTkNua48oEmbxzwkou5SfnFpKVAyFlqjUTKgSVx8t1mzLhjOkFSmxBunR8d27RCzMM/Ux50XaxTb8QBwkBeg273bLQMM6AL4mD9U/5pKi6ZRDcGPbLGIqHuFNoDEAVbIqYQxM0pif/9JH2R8NgA2oHK7wCneDi/CbCP4CPOryZw1oAGCVIiIXqB9FAk/P65HBmW0PWgGZRZoeaLAOHTuGouORVRwgwygKYN5zQkYLpEGF0AhqANUgNVrlWuZF7dbmd17bmZ2vcVkqZAUH2PluTHluOIMzaVck17TSYhDhGdIDil7X9U3VALjymaJCSrm3EOqKTu6iuSJk7xS3qlRjmdERKtyWmngNhL/adqr9a1hYe9VXtbEAA06cffUVZzjvy0Utc6zSv2EqQm+ssWkoyHA=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:43,847 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:43,849 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110143Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQd0bc83e-f57e-4d85-a997-229f7b6dccd8|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2b23523cbb40d2f12c10fffd8abf63d9|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxG2aVgkrRirsvf9cITRnum3oJFCk5sT92M+dnKv1g1K0q4H19ULHvfVpmLA3QxGEmtViYT20HB1vKFgHJramtFwbF/G0GFaCfWjtoiAFw8eoIcZQPFXpwVitPp4U=|_017b1213ad978ab589c933dbbaa58e23|
2021-09-21 11:01:44,199 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:44,199 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:44,199 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:44,199 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
    IsPassive="false" IssueInstant="2021-09-21T11:01:44.881Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ5f6ed23-4b2c-44f6-91db-b54853e99336">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>5aXENwceasRmVDLmOzSt8XRtA2dgKzsMOX51yFh14cU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
E0KKQ/X3xRNYDHP/VbNeC6S0lsGsmF3RHQffCIjZasUCfgZHWFDRoc4/nwC59xjnjD7f0KoZaWmb&#xd;
iHY5/PWuI+ep7gEIsX+WHHuLDCG5hzb4Jpx1eJB4cs/HjgVEZLfNUL9MJcrHWAzDEwtGEpFJPqbH&#xd;
Bz4qiwPGTNi1BV8k10BCILwzN7EqvdLsGxO5scaoV3kQsfOFpg578ECsvxdxC+t0BzPG1eLjlsdz&#xd;
eHZw1+bc4klTzHXBb+wUwkytJlhXJB3E9j3pKe7GDYgdbzYi/ri232sDQ450hGBP+O6feiJKR0hW&#xd;
5cWGn4x53JZIq8ouHv6DscaL5d4m9AVbounblA==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:44,200 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:44,200 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:44,201 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,201 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:44,201 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,201 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,201 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ5f6ed23-4b2c-44f6-91db-b54853e99336', issue instant '2021-09-21T11:01:44.881Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,202 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ5f6ed23-4b2c-44f6-91db-b54853e99336 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ5f6ed23-4b2c-44f6-91db-b54853e99336 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
2021-09-21 11:01:44,203 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:44,203 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:44,203 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:44,204 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,204 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,205 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,205 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:44,205 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:44,206 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:44.206Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:44,206 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:44,206 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:44,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,206 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:44.206Z
2021-09-21 11:01:44,207 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,207 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,208 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:44,209 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2aea96e6'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:44,210 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:44,211 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@2aea96e6'
2021-09-21 11:01:44,211 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,211 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:44,212 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:44,212 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:44,212 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _4228eebb5efdd43bcc1b16660295ad87
2021-09-21 11:01:44,212 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _4228eebb5efdd43bcc1b16660295ad87 to Response _b55f25f7df9ec0302204eebbfdf90fba
2021-09-21 11:01:44,212 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _4228eebb5efdd43bcc1b16660295ad87
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:44,213 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:44,214 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:44,214 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxoTlhzNPERznkZAQLCFH2q8LSJu1zoExHyqsa7dscBdbQ4pmDUJJZV/XQxE9v4qd1TvPI0iN9ZqkBS3UjNoYw/s1RteuocGRVkI7Ys6RQufKM6rBvrW+IZXiOUcw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ5f6ed23-4b2c-44f6-91db-b54853e99336
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:44,214 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _4228eebb5efdd43bcc1b16660295ad87
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _4228eebb5efdd43bcc1b16660295ad87 did not already contain Conditions, one was added
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:44.211Z, to Assertion _4228eebb5efdd43bcc1b16660295ad87
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _4228eebb5efdd43bcc1b16660295ad87 already contained Conditions, nothing was done
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _4228eebb5efdd43bcc1b16660295ad87 already contained Conditions, nothing was done
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:44,215 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _4228eebb5efdd43bcc1b16660295ad87
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxG2aVgkrRirsvf9cITRnum3oJFCk5sT92M+dnKv1g1K0q4H19ULHvfVpmLA3QxGEmtViYT20HB1vKFgHJramtFwbF/G0GFaCfWjtoiAFw8eoIcZQPFXpwVitPp4U=
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxoTlhzNPERznkZAQLCFH2q8LSJu1zoExHyqsa7dscBdbQ4pmDUJJZV/XQxE9v4qd1TvPI0iN9ZqkBS3UjNoYw/s1RteuocGRVkI7Ys6RQufKM6rBvrW+IZXiOUcw=
2021-09-21 11:01:44,216 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:44,217 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:44,217 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:44,217 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4228eebb5efdd43bcc1b16660295ad87"
2021-09-21 11:01:44,217 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4228eebb5efdd43bcc1b16660295ad87 and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,217 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_4228eebb5efdd43bcc1b16660295ad87"
2021-09-21 11:01:44,217 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _4228eebb5efdd43bcc1b16660295ad87 and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,219 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b55f25f7df9ec0302204eebbfdf90fba"
    InResponseTo="ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
    IssueInstant="2021-09-21T11:01:44.211Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_4228eebb5efdd43bcc1b16660295ad87"
        IssueInstant="2021-09-21T11:01:44.211Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_4228eebb5efdd43bcc1b16660295ad87">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>zccbUh7RpDHfwlNY4JRW/OQgv7fhb9yoGcpbSZnMZ2U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>NGUpjdiNxck01llvOwIMNu5PaTXQD+zGNk62sptcMKVI0q5PZDM5/Oa2YmdYDotfqMjhBbonP450j5EDTJYiAV27fTQRVG4XVFkVnh//zC7oGGnGaOD40rqWw2z7lCOAyUhHKJoCc7Wew+QCYomPEagXsXXddttgeMl9U2ydthtvlOezAOt5R9fxCEwmjCsfRJNVBCvhxQD2CbcDz/2Jv9KwJlT3wHeCv8+SmSYVZKXJE/VgZrMCP0sA67dPtNi2QjaBSRmdVIfM5YEvENq6+buVIZXkTTMPxU5/1j2Vv5GDG7HPb7sX1sw2mQw0qdEli0e6ZySFDPRxlxEKsrhsCg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxoTlhzNPERznkZAQLCFH2q8LSJu1zoExHyqsa7dscBdbQ4pmDUJJZV/XQxE9v4qd1TvPI0iN9ZqkBS3UjNoYw/s1RteuocGRVkI7Ys6RQufKM6rBvrW+IZXiOUcw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
                    NotOnOrAfter="2021-09-21T11:06:44.214Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:44.211Z" NotOnOrAfter="2021-09-21T11:06:44.211Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_26bb6be91d96c4b0c6a5df832764a433">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:44,221 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,221 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b55f25f7df9ec0302204eebbfdf90fba"
2021-09-21 11:01:44,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b55f25f7df9ec0302204eebbfdf90fba and Element was [saml2p:Response: null]
2021-09-21 11:01:44,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b55f25f7df9ec0302204eebbfdf90fba"
2021-09-21 11:01:44,221 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b55f25f7df9ec0302204eebbfdf90fba and Element was [saml2p:Response: null]
2021-09-21 11:01:44,223 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:44,223 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:44,223 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:44,225 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_b55f25f7df9ec0302204eebbfdf90fba"
    InResponseTo="ARQ5f6ed23-4b2c-44f6-91db-b54853e99336"
    IssueInstant="2021-09-21T11:01:44.211Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b55f25f7df9ec0302204eebbfdf90fba">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>lxEcjMA19OEyu4thQHD0LWdh6qIgw6nsPBjiYO9rUyU=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>q490zThOVZRleuZKw4tIAi+s/r+9uoZInBKmET8L/j3JcJmj5P9/9NA+IQowWF290QVmn+QEdCK2cbV6qFDFn5tLSF6Z2VxwxfUhL9uVC6dBbQf91xOdu7OdrmP9F5JqRYjoaWfg5/Q8vKJqttzHBKf+oaMhS437hqBdw1tn8YvWlhyNn4RI9c0LF81idTLt4ZGHpuXe8fLJQhfr2LrFl9oQuwYcn0Xyuz8rGZT4YokgtU+duGL+d8IUb/pXAz7zgsvyHSbkoeD1SJmVOCZco6V7XN2rN/7dkvNjF5OXbMO+4gQI+JmzIVShgCpEkGkcGwfpM3BKyhNFheIze6WrIw==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_31b09db2f6716a4e3e1ce75ccefe0e8a"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2fad5eb4273131597742f188dbb03402"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>fvdH9K4Gl9Qsa3TKrxw2Gw5P47SgFYOrhwo+SAngfTFAolVMpSAG5/EbnW+7f0BbVhRbBZrT1OmEQgrdYCVpm5bcLIl0g6C8/R0x5QPCGwCxR6hDf2lXihyJiJNgxusfuCuQXzwoswwU5m4jQxyPHFC2uyEzlAK4mIrP+MAZrP1t9ZKFKONZecTD3webKIYQ9gv9k3ZGyDfsucCR6U1MAIkbOIwU04KHiwKPfqTw3Bo0ru5P+mjBeG4sB8yXCbdLOL5y7A1Oi6Um+sGGqmHSz7svcDsB2L+iF9yLWiFTKjGrOR9cTp5DKNiUJXQycsmxPRRZ4K/dk2/exDlYPe6NoQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>YQs83hJlukFwy0J2XK0t3ikaq2beTHLT6mPjRnIri5EL3ha5sA4yUc32xORL/eMsrrAA9nqxWTZCuYTcYlgPd1wq5KRKaVAwNzE6Bxk6PD32gZFGS8xhUyMntDjEoDr0AktGFFB7dCMmLWg2ljHZVWIIMx8EZzvHGbvsmUYaA+68j9nysYpBecd6XV2DuSp79qMdQC9EmiRQsaj1qHerUOkCAryrbXXEH2eOq4XAqQSFOKbn8OKkrjAThre6A2vDSEF9rkIshxu4Yh52RevVkjFeCDK7QQ5tlnZxv/+Q4qgl1PBNFrf5mCjufiRDL/pj/ku6SpI9FPdsCcv8rkOVdpQqdnTM3DCYbDWtGoyL5tTnrSMN3nRsbDL6Q6bUHHg0Dgfqh/6HZaY5HQk7iQP8Y86VmMs4UKXoehS5lPyBLhBmoDtgygQN3scll7XlZTl1wNDH1RaCfFh3+QSa6i78O55BLS/Jbhi99ES9iKrqVD28cPDZ0biQ5g8VNp0TZESez4wEYendqp5/y8kenAZnS8PFlam7caCTMHrOvTjbmxt8Z6QwZqFoyKw+dyffjNGLoNW4Y98YaElzcODieCzTxIaSoAABPt4Qu7DO0Zo4BlU58oNIbJLaVYoBv1zptoxcn8pTmJfOd0F115MqVEQCXUWzp8koGhQyqcmmkGyNzqCzVmU53V6s19P09H+7IXKzsg0XrfERr+NyvyXV20xG7jEo05mPEeaaCGW+4snZRO7didevoBC/Xi4TTpV8HcIA8dCDPy2NueJTytB8F6LMgdkDbhaljUqWjqWqB4NL311A/uf6FWVC/DNFH3WbqnXOFgnONV6Ddn6y7qEhyMLWGEJL72fn6Mm8Dq/en3JNC1aasDJDnMmB5IVWD6dEric1K1S7tY95wKlAO6ejZ8uQap19subXr/bBaQk+uaedyGLsU08sdujL8uxXDpxsfN6XYDEitLiWCOw/RCQRp6hyIhaES9Sg3duzI9b0ZZCQoaW97atfuzziHLKdIhpkHEHu0+nS0bnMsxmDw3ZrxPZ124hagvA5gauKM/7mbx+VnyruVjyoo9nBKq9Jt0/Mk42pY6cYLly+UtWkkmzuRnA/x+2eiDTezNTM8QPuVIaw6dm62pwvKQWdl7QoN5CPcHk83V0rVuSb1ASjhPBkLKZh1OufuY/p50JcoLcXruRT20fkkcMTaFys2ZCHytLdUbhL1Zt8k+cAK9ZhdjLQWWObYNFxiRBcbk9phqXCkMnkk/rb/xDFOEs8WMwlzPohV4OjUbb68AUoYerRWMG/AFBwLgChfurKu9xe21uUnNSR99jf2+t6TH/L5ZMlGA2Lki2aCoN51CHsNSEMPLmpSI93iNrENUVP1+W3SH4TuZJGkK4sXzKoVlcZAoS/Y+JcrsG9CbVU9Su/hVEoDWVkMwhwJElxbzmgXjrKw1vqbr8NxdyNZTACcrdvouXRRVcB5apLZM5Bqn3DMhmqiicPYt/GyIwFuxsUYtQhDoHFY4+dc7m3LiSGgQJrhtCghdVEPNoyNdj3DBX48/aAClPeukiR5/CtYV6KAspnETW7wyfyz7uVAZwrZhSQ245ZJ2O+klFLca5BFz+ugeZaXBjFCklXP6REab95R8OcWO5LSJi2ZJ0nxpZbcIZnIs22ttjDeXSYOGekhgMZ7m/+Py73PulRt1a0ATpP31+407oyRotobScZ4z1UDCHbgF1L1IAIVtEipN526R/gPz8aROYDC0Uu3P5C9us8LPHZadtw1pKf3ZgQLZAvQdgC0JjQqU9uW8pcGiHfJXusxVV6e1J+748A071ooreCEIdhSA3KEAnSOmteBRFdHsSNSSPySbC4v/Ii+YZKRevqG1gjZztJEVnHukqzKK5YMPt5hKJUsjWlt0ENkeLVhfeKspCuRdYb+oVukA/VT+u9bJUliKA8lBkifN27TJL8TR2kwhKIOZPtW+TC1C7vBBnzChdoQNnNhskzh62iuCSUYngWBB0RAEckGg3LnrdqGNwZtTRDflZYluMdR+gdIqoGVRewQurP2VL7sLCL0ilLihQdNGploY5kIa06YsncV3LucGdwtrEU9zGb8Sa5hYrLbHm6CrpP7mFK+Et0WFy/nrzk5Xsr1/aSgdv1z8eOfxGYfuxGxgLm/lw0Ltr13K66GVfuyJ+H3VEN51doGucsmbcu+ohBEmCM5EuLRFstaCzRsaA6m8xj0XhDymiuMdXgYWqvYByvRyrFckZVO1g9Xf3Y4Ird+DWYoAlJm1yqEURc9IH0utd6h0gsbVvotlOeh7gPlc6zor8cFbu3zLA0V0+I+GNkyQntaApVHgmqImBeLXQAr+hDb6cPCDYOUy1QoZfOiOWab27PSyK0my9+w6wIEw9kn/s2zzvQz6So+/BSHT/tewapfUZLs+M5vHKHBaIfp1DnNVR1neG/9klDTmZgnWCjFimzFu1/h2GE/EjNNlf+UlZ1T6haQLNtEw7loY3Qv0cVR2gJ86H4BrwZsudTDZx1VoeOl9fvZcre23jFzDG7dviUJMNZ/7C/mNDPoKlFubZCJqCJJwD1QBwSwR/oGBwblRgO0ZjMPGXXnJeS7eC7xHrIfI1YwP0PM1O9l8qaFlZAV1URZQHj2F9AzZMicgl3e3ZiomOm7dClwzERFu2hhsjnizQXjV0+u+2gNh02iJe1b0qJP3zGbYQ74+vZxDO51i9VzV6+z0neMh43u8Ce/kycCjPQg7hvIIkEVH+vVwglmmI8auvTPBNf3hjkZPkQMiVngIUtMz3jPTDdglVwUg0+WP5ikjct07Cd+Beg+B/pQOdjIYHFh1knf28On+Ou2l227ozsKPsdoeZVEnoAR00uxFnfvOcb1BrV3+0n68m8Xj2y/UQDcqTosJ3TzpxWWJrQe6E4hTrCi37+/LM1XtQi1kE+IQpesli1wrE+RUG8teKto231DSY3oPdgwM0/gabpJeS+jC5/BBnzVLN0X8vz9JvyXHHknaWYwJ5L9MZ56FScZUEfsIziZubTriBgD7NJ4PwZlFKMcvE9AcWyBLryqZhTlL1DzQqwPV9IZZHTSfm+bcCw7WNe64IKp7WYN+Iy/fXr9VqUgpBYD5Nwd2FdEs1uYq074BYLjTetJK69SxsH955vgTschucDoCDzUZFkJOp38ew80I5pkzO7sd0isSjbnntcqJ57YbEA0v7W1rEwwOt3KLeT6LUMeXYI99fMmMXm/42Uw62wUQPZgWWLdvDJ/TSFdtxXXl2cFvxS7aSmquYs3GjbKtesnsCZ+S4NCdevpPXwnN+kdguyTDQs855ypQHOd5zYsfmaILcon1QoDU/5VhUX5pGbcyWpjkkVEz/nA1XrA5yHrXFpZuQrYvvX5WvbYYRc4DN/MuH8A7jQAoxJ7tBEN+hbsgZIPr9J6YqN6YpYrg1FGM4gNVFyD0fQCF8RmUJrD/T9FQF+QYHudMm6yUekSZKRR1+XW+uQVEtMGoul22w42auu7JSHdcGwdQ9b0mVpScbvDOHjeZgmAnAy2RArqANF+dvZwLxRT2zB+L+XOsxiFB1o9lp/7+pdUjsDqNNTl8cEm/e7mE1EJtrAkrYXMkGD89U9O+DEMi+sDO1Qn+DsRmlgXeoHZ0ZEXVEedQ71Ue4P199nG9BhoS5dem8T7TkOv9/GytEeNFVAvKjtLo4aq9pAKr6k+utdK3sg7Dr3GAog5k7xeMXniAiESs/NtvTZct8bnSghw0EzgMe2YXpp3UCnkRUcG122NQtinJ88yiZ3WQOvAYRFWJq6YGgK+P2WAENctDnqur0NXoMrZ3AvGXRpdMOKEFkKGkCXL1wd7P4ez9SR4oYlj8uRffRMVwlNbFUqV6KvQchSdln4pa+B+dtnwkUYUVyEmSkie17282fIwd8iTMUeMFOxsFmUENEVVD1DkAorNijEY4DgSartcbZORYrExafxavDp7Tbj6ggq4hRAMF2/k7jFk1nRhwRPRwm8E3My66gf/F44YtRFq9pKOOcD9wQilKLFoZbKZD2hx7kyzp0+R08AFaENv6nLILsWSC1tD9pAmbWfGw8JD+0SqruiHtJX3co1xWQt6sCgi2YVvAnLfwF5Ag+9AiFRoZ7V9qcTlS1yHMr2QSii+Wgji497IUh28nsY9Cmt5UHdXL2MfrrYtBS3U0+wMpA7DrOU0kkzm5klU/rFX/Sj6FTFpP60JZYX/aRecWAOouH66RUJ4MlkuvEM9+gqAPFP2EHpLkaoDQsrWqbpEAXNtQdWkvm2XNzHxvtyTBQK0qcjjIXlEBfYhR1moM6z+k10AP587TdOQMqmijvdOAQ2ZmusU0CE14CRmX6zNTfa/8wPGmHTexFGqQxmaTbVuYvOmbBZYK31KSFNOvUvs0L/77Dpo5v03jtR3VZ/LznyIVWj8X0B3Av/zWQ1vnpjiMkFG5oW9G8KMsXUTMJROxTIk9CrW9Ivb7+rFQeBV2xDp7c7W61XqfZagyO8Msm5O4XgtXKagxO0KbyLeqSaING8h14A48S7pj4gBC4EQEeic4vpH55fvqtXM/07g1B/lD8AX9KAJfYw9xHfa/PmGEnGBXeIUpiAuo7gX7QjjLlKx99z/paO8u2IdQg3bQlZyYGY6Uy5J1IgWItYslSeAZX2/IifZOpE+7ToMjkmOGej2W7AQJfiF6Yusa0K67t26K6iLYuKXIUHGvBNofLRXRRyRdtdcB7QBjqcZx22kWf/huYGOSdJR6+d4RlrT5GBn1J6687j3dVkEMyIYXoiIsjfkWOSorMx3mVgnpbE93gFrtZm3St2w8jHsIn1sciPY0PFcxb3gDR4HMvpEZ8nVdKJcGyirxJIxIQV/B5TpPjDKc8mdZBO13PL+o6i81jijyjT8HE1daz+gZlJtbbC7hunmiUD4qptPxPy8yTmgvsrb5KVHrMur2dKjp/sFLiczHopoNP4BNw/9IpQq5lRam9sok2yvTO0lvrvxr7Qw+2LRtjvgE1IGkXiiMP+fqUchCuU5XY7gXJLSr06hzOQlykR8KGsFUk+ECT/LIoWLwXiv5U/uHdRjfOvR9QxNR3NOgd/LDjfxDu0LQ7mzjpRk5V7jSMAo4C6CuDZ4F2630XJQfLbZvqAPF/gvQryTFiOt6OP2yDMylTlkhfe/6QBsV2a40mlGx1DcMQw8ECH8sceuJAPr+I/9sdf1sQ622jiV4qlAe1CFZQIDXCdhWkL5ZhD7/Ku/MgMVJVd5izaZgyjCVdwYPOjLW/95EcOgL/GufCko53UQi72f0T2P/pyEsCGVdciRWRPZ5HqaFd25y1dctfSnY5JriGvm/VnyPpX/pUlybP/mDwL4OU710UPQQ8Hh0MUTN9lzEXEhfo4dTsg0O8Y+8iPxtnrVKzDMfvG+a8HoYLWLY/HimF7h6+2CMORNp50PZGXZgkqG7XF7+i2GgrmgzljOTDTOaoMt0+3Kwnb86ZwI/nsu80/1Fr3JHxYopHv1pPAwi+YqpZXiRLtHQeGXSAzR3IlEpur3YAlNt7bSkVgvb1fUH2yf4G5n4qGvAh5voBe1xlra5jaxfqeeydls34EHtiy49ah9dO3ZyIzZsGdUT+FC+edNth2/BTbPq4Z7P9VHzPzaGzYv8y2OPoWzN+GQJ/sn0j6i0W1vcR3NdtfIu2c84W5oJLMd+eWE8Y4DxvRJ7yPJNSFQDHPa3sc/za8nMtXkLuYQoyZ7nOOITqcASXot+9f/qJ4rxV99JAdUyN+8eX3ylvHi9PVXGkZFmk+8/q4ec1HVDzRlhxyPPUUGqVTCBVbl6rrxsE6x6A+Y558UkmuHiM+h1uKqFjx0MuNm6/beuUJXgo2Boz2FhRr5R+wKl7+AD8ldkanlL7rOJjx/vqgWYxZ2/knIrVemDux97UhI2GTdI+ME3wj7V+OvPXDJfZQ4FBT7k6R9MQ6gzzcf+HLevnqcSAT1oo3HSuAFYcn5xdQvX2vI9DaPEylfUA1nmuH1X8GwsF/SIUenpMNECy7QRIPJjHHf40myedUkVvu+Lmc48UzVmJ9GO1TVxWDtvoaLoH/DBqA0Zkh7ovbam86o/5Blo3B5Z2Z1mIYjZzF0pjvI6q0i/M45n2Wy/RyhrHv79d40e03eh+AgejZJYR7MGegflBdwUOZvpyD/cbS8c1OUhEFaHHRCRNJfXHSvtxmqeVgnPX6UqpUZTy9uOZwESnT+8qU5gQw1DDUeJqsUect0AOQkwsxfrjIQ0BFdEZkSURmhNZnfcAMo1r9fLxZ1TcJgsqJa6N7GajeexjFo1cd6xV/C6IuyFfUnEG8K9cezsVgnhwVnumLMqv9J6e1dHw33wRToSoeYBaW8BZUqce67pww7ndqts18xoZ/7IDn42iW6viCXRh6YaU2hGdhpOP5iAsefzvUzeJ2uZ2GbTt+Cm80NYmJ6TJBIUyunxtrCwdI5nWrSp9vQ8HJy9wCyfLjqa1r9vKDoVEx0kZPpFjMl2bFpLAk9xyoBt+FHAx22IRUvZidTq/ivOPGM9OOkaQTFIovS5K4kDEOfJU64MGFebQykoppf9DtLoTGKQP0VmaP7wmqOZvOVtIDaROMxKJn3EhHHnCkz/gNIkLZk4XqZvDw96Nc3X+Nzje2/nojJqVpf9ZNd9xvQq5n2Sv5wFlEToehkFnHa2quzqz3vqv9pSlRk2pIc6xDipSBEOX24jpV7gOb3C0aQnhtOpn0VPLsjTs2gP1+Mrn69ta1+rSy9Tv49bDt6C85O9X6hXKgC8A9Y0WAsF+ezHPD9eeHSQxdvVJy8QDVfCB8DFSz1kRtfGYzDmP69HeI4P/UoMwShW4n7qzo+3PK8YIOP+zzca530y3NX3+KhUnkBdB5kkZhTg1Bz1I15/1UCAcy7M67RXqPrBmDd8smGd7YKYflkz9WCF1wD4Fi15C+AUQVhq0uzHaGjR0NeTvb+lBJrxECrf6CJ6qNsnKkkGzJxRS1mTfzUkDpQ69goI1ivo7/EMU49SOHVwtJ1OUuvnSAkOR2oOAKfrGiP5p1VE76Kf0EtJXX/qb+tbyz+YUQI4CfV56+gCGfyUXsC5jc1Qql67rDgVs2WgKtIzEKkV0WHCiPq61Kco9Rt6LEQeZS7V5RtPZTfenaYOTDK+dp5aZnQUC91/p8ICowpfSml22zN2g5jNLT/GDgRcxnQa/yWEhgplzBWaTvwGaG4f6nzVbNq1u9vZtaJVTGcXSyHrsmrlypz1RBDfm1+Bc+JPppGm3Bw54LAQp3kTkUAq7UZCEYSUYX8tpc1CjRN1GU+esXpUsK3UGqRPr17k9Ru1cdJU7mbInaq9ogv5AfwTyZ5kAgeus843t1RK4bVuvmVUCjghN9pXUyCBcWQJQwYqvEbFWoJX9+8lqUiKhOqllJDNYoxgKHprPg0KC81PrfmA1bAnYl/tc54MQ48nRo9noavdosL9vZGqu84LSy5Pb9fpfNPDp+mmDd+xozBoiId0nXAOg9vNmvZKpXrLULKq+zB7TXFjCy1YHBvhed2EoJOVxzm1dXkuwBJnR//NqlmI/cjvmeKo4D7mwE656LSxz/Sgfe7xqcT2BY94UGPUz09TAZo4CiZX79dtMh52Ph/5cgSUu3TBDgvZOpP/dr37N34YG34tZR6U6FdgDKRxuf9zQH29rdC34O7NOAzAfVQwg4xzNtJZ7U1bwDEAR1zkXYMb8sjK7qWVItlaq48EDWJdIwOfdO5z95TieDm36/sT1B+MyJ9HzEq9RB+9NjJbqEg7GMe7FMEG9v6i+EBKaLS0qZWJ+JxpL1zQywcsI3A6fhcqqaU3hEzblX4Pf2VNf4gw1piRcRWIAJCCZPMGBkBzLxq1CRz8P33fRxL81Kbb2Zp1FGrShqmXwUsEN1NOuW7DoAh4sWkDksV5lppECsapGpreBLWSq+VCBfrZbC6EsZ5UeunIquKDwlaeV80mL57lTJWQCPXQ50Dy4dBtOim6T8oR4WmDGGgNem5ALOrbg/swydrI+IVDuvhreEk3NLxRQkfPxJ0jpWbVXQ7ZY/qIOEAUYP6ws04/3YrRdRrEHk4UVe4xxncg7Td5G8szEP+gQ+Bc8pt4fvfU0/KcXwPlBVivK7VLZmzFOfBQc6XdDysKz9uu7DqQfOSySy9xBMN01NDJrDCPPqKv5S65FNiWej9VzvmcUxe5Vfs9MLzzWTEImbhAv+RaaUccoOnxRV5eu5mp+PSR2EXuxeWsco8EKdfiZi0vTr5aChVpE3yhWDtBvUVChhFkEQ8JrvVK+AQAPw/nO+tQ3KpsVAlk9ZoiOl45zDprlGB+QhoEyZiu4QOPU=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:44,225 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:44,225 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110144Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ5f6ed23-4b2c-44f6-91db-b54853e99336|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b55f25f7df9ec0302204eebbfdf90fba|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxoTlhzNPERznkZAQLCFH2q8LSJu1zoExHyqsa7dscBdbQ4pmDUJJZV/XQxE9v4qd1TvPI0iN9ZqkBS3UjNoYw/s1RteuocGRVkI7Ys6RQufKM6rBvrW+IZXiOUcw=|_4228eebb5efdd43bcc1b16660295ad87|
2021-09-21 11:01:44,596 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:44,596 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:44,596 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:44,596 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ02755f8-c46b-4f64-8767-f52025028e84"
    IsPassive="false" IssueInstant="2021-09-21T11:01:45.271Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ02755f8-c46b-4f64-8767-f52025028e84">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>UdWYNefugMM3VQNwjJFTyk9yWxr21O6cuWy8JPEI95A=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
XDpAHCQDUDmKlfg7jQBnxh5RAKabWWrthdFPxaCbmxanrwVyYc6qkoO5CwNzQSxfgGaJrLUnEmrP&#xd;
neiRsCGxxk5b/sieO6CWk0Qy/eR5mlTfR15hnDEwNcZuBZfgm7Bs8xz6udp2x2BMHsMe49+28Job&#xd;
r6CEQJNDrvYSFQantFkHcHo4IYWHkCyStWQpVzJfvX+53MJypkcrNnqDJZHwI8hs9jkLE6HxTLc+&#xd;
c33F44CKr4XW83Hh+zTKdQQaeO1qiIpq17J4kL5FKxEZ/r55Ci6t4Te+4of4F8BFELnnfig2DSw+&#xd;
LsPI3RSLkqHPniBH1u11bTt7K/2Xa4uth5kDzA==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:44,597 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:44,597 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:44,598 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:44,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:44,598 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ02755f8-c46b-4f64-8767-f52025028e84', issue instant '2021-09-21T11:01:45.271Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ02755f8-c46b-4f64-8767-f52025028e84"
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ02755f8-c46b-4f64-8767-f52025028e84 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ02755f8-c46b-4f64-8767-f52025028e84"
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ02755f8-c46b-4f64-8767-f52025028e84 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ02755f8-c46b-4f64-8767-f52025028e84"
2021-09-21 11:01:44,599 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:44,599 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:44,600 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:44,600 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:44,600 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,601 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:44,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:44,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:44,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:44,601 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:44,601 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,601 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,601 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,601 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:44,602 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:44,602 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:44.602Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:44,602 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:44.603Z
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:44,603 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,604 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:44,605 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:44,606 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,606 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:44,606 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@17849cf'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@17849cf'
2021-09-21 11:01:44,607 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,608 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:44,608 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:44,609 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:44,609 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _450bcfc550d15cf24fe90bde02f15d65
2021-09-21 11:01:44,609 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _450bcfc550d15cf24fe90bde02f15d65 to Response _b69670d8a0402853721460d81ad892d0
2021-09-21 11:01:44,609 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _450bcfc550d15cf24fe90bde02f15d65
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:44,610 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:44,611 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:44,611 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxt1qEqYTqNaLOR+dDdjppiXjrpKOfrV2N51DTTBA90LQBgbuB4zOJEd2c4xb4GmUI7imu2PLF/s4Dy5L4zfl/7WlfulSySl/BPnDUSOjNB0JQrSqvBbTA3So4hKA= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ02755f8-c46b-4f64-8767-f52025028e84
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _450bcfc550d15cf24fe90bde02f15d65
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _450bcfc550d15cf24fe90bde02f15d65 did not already contain Conditions, one was added
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:44.608Z, to Assertion _450bcfc550d15cf24fe90bde02f15d65
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _450bcfc550d15cf24fe90bde02f15d65 already contained Conditions, nothing was done
2021-09-21 11:01:44,611 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:44,612 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _450bcfc550d15cf24fe90bde02f15d65 already contained Conditions, nothing was done
2021-09-21 11:01:44,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:44,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:44,612 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _450bcfc550d15cf24fe90bde02f15d65
2021-09-21 11:01:44,612 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxoTlhzNPERznkZAQLCFH2q8LSJu1zoExHyqsa7dscBdbQ4pmDUJJZV/XQxE9v4qd1TvPI0iN9ZqkBS3UjNoYw/s1RteuocGRVkI7Ys6RQufKM6rBvrW+IZXiOUcw=
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxt1qEqYTqNaLOR+dDdjppiXjrpKOfrV2N51DTTBA90LQBgbuB4zOJEd2c4xb4GmUI7imu2PLF/s4Dy5L4zfl/7WlfulSySl/BPnDUSOjNB0JQrSqvBbTA3So4hKA=
2021-09-21 11:01:44,613 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:44,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:44,613 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:44,614 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_450bcfc550d15cf24fe90bde02f15d65"
2021-09-21 11:01:44,614 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _450bcfc550d15cf24fe90bde02f15d65 and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,614 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_450bcfc550d15cf24fe90bde02f15d65"
2021-09-21 11:01:44,614 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _450bcfc550d15cf24fe90bde02f15d65 and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,616 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b69670d8a0402853721460d81ad892d0"
    InResponseTo="ARQ02755f8-c46b-4f64-8767-f52025028e84"
    IssueInstant="2021-09-21T11:01:44.608Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_450bcfc550d15cf24fe90bde02f15d65"
        IssueInstant="2021-09-21T11:01:44.608Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_450bcfc550d15cf24fe90bde02f15d65">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>V08tm9FgD4FZBN/l26g9OL2/UoLH6BhLpz4UUIIDE4U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>f8oZNTie6itPq/AfPa1w4nJ/CB2lqueo5jWjpW2/o4ZR2hEBFRNRS8jwaIMKmhCNNNq7wE89UTi9aVAL8vK1H5IQ6DHyUnzSXKnQQzQbI88vJoVYmQDlvoDPxaovCfm7Oma8rSLp4gYvB5hLSxVku646lrHzsHhYXcEv5X7DyCyHC0cFaYrANxeFIn/OVvMPUjKEDUZz/31yof63R5F5rfWEsD4CxyjwHmHosA3T8DlTRdjNZViVGAzpdsQN1VKLDQFmvMgqxwnROcEbymnI4hSpx8mlHyvl9v5Rn93HD3FFMNnwN8H/3PpwiAYkhvonRFhvBnqWWwVOsmG6zgNJWA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxt1qEqYTqNaLOR+dDdjppiXjrpKOfrV2N51DTTBA90LQBgbuB4zOJEd2c4xb4GmUI7imu2PLF/s4Dy5L4zfl/7WlfulSySl/BPnDUSOjNB0JQrSqvBbTA3So4hKA=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ02755f8-c46b-4f64-8767-f52025028e84"
                    NotOnOrAfter="2021-09-21T11:06:44.611Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:44.608Z" NotOnOrAfter="2021-09-21T11:06:44.608Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_a8c6287c5c4a5af29f14304a1630e84e">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:44,617 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,617 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b69670d8a0402853721460d81ad892d0"
2021-09-21 11:01:44,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b69670d8a0402853721460d81ad892d0 and Element was [saml2p:Response: null]
2021-09-21 11:01:44,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b69670d8a0402853721460d81ad892d0"
2021-09-21 11:01:44,618 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b69670d8a0402853721460d81ad892d0 and Element was [saml2p:Response: null]
2021-09-21 11:01:44,620 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:44,620 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:44,620 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:44,621 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_b69670d8a0402853721460d81ad892d0"
    InResponseTo="ARQ02755f8-c46b-4f64-8767-f52025028e84"
    IssueInstant="2021-09-21T11:01:44.608Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b69670d8a0402853721460d81ad892d0">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>WYggzC8rmjJ60d071u2RJl6ORdAFZfPcuOFFWq75vKw=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>DfB2eOOPNmqwzvvxz/6HtGyBMzf0OhfmEATi3u6CPm+ai1jZFk5OyLE6H6phFtOtp/iIECLa1cEB4r43RpBZwJledwojXPg3FlN+4GCMz4kSAeObN1m2ml0Z/cVESnPfP8Dt5zlVrnEGFdxiq4dSS7qdDnxkC9QgMD5i70POf5ng1iF0I1Y304r+RrEKSfT9KAmH1GfM59QRni9x7Ob7ifLrUzrNzYnK5Z2rqwkT/f1vy4mhGoPlx1a+E3SHJfty2sDI0fFmrI0DSh44cHjW2wiT+zpLR8/EUzeXx8nNdlfTZLKlaFR3M7Oph2KUgogPEVUbuyiH+rm71n0kLSfvjQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_523c6587d1d1885487e128a665f256e8"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_652e607ad0702657e1cce35554af63fa"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>WN6BYH1ZkVlNJUvlUoIkZUdN+4ZPWlOKPbBJgBZ3fDwkZDyBKrxSfS3t7SDjFMuA6TqB//xjsCLufZTnHd4gvbHGGbk9u/o+D128nrWBTGFvV8beVODUrDbKw2TBW5nt7xlt+zf1TpW7jnF8TykQA1KEFuHeWv54TNMxpsz9Z6PxSu3BVHcGQjtkYTS70z/HzmxF6obEDukeHRxPDGE82+iTlPMjb92/Rf0SlZmVX2n0HxatYK1ircu/7rA0Fq4uRJRPoV3rBaF0wExLvc5PJ6JZS/nIAeNjuIEfLoluu7ADmk/fuUg9ZFeNTypJDIxC8U+uEyNxl+0Sv3yiVGQvcw==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>1mn+iHF/wvImGWzMQtG2ouH7ZoyrvGbiqjd6lGjAyS3ulZdixQU0xCYeFXftIBXafUGu6diyG9RKcLdORuj7pdBXQaPfIT5R5w3bOzoA1Vlmfg+tSE1qsEntnnlG0V7/2pLVgHUU/G0FD9m/FzEFhDDKdIXcNdHMRXAaA2i4msJt98uTwYlue9g705e4K3W0yDn+oVdrUL8xTM6E7aXRpRvvrj9d2GuV0onLBDjTP7NwUTb8e2walVH2XaHTpuWUQ1IcBbMaTPrVNPP26RYjN3CavDvZ6kjLtfuZSweEsBC/J0ogJoVrKMLUpwPJovAiJStOat9ofvzNuPIrxER2hj3tjXKqpfOtGgOuAKZwPgFForGZuvPm4xSR3/S6PiXUosvGlfC2qdaLsKR82oVKKlUYdwbkSSmhgB9pxPLCtnvVEZMRj3xWKYzQnZvf5YWH64z7myV3/UqMXtOkS+sFU+6f0qGH+XYMtGTReZLk7FHnCW0YrKlkbwA/6cmV8U5/pwNpwPu27qy1kpnLZxcMDg7FBsefNZMct/XlLIm2InPSwvnhkzejuCBW+mMeOKaNEtd/qBcm46qZ6eDJR/ka1bvo9l3vlm3S0FOloBKr60LTKyGZ0F+HmriYfYEGSFW9crzdYbtKtC8kbr3pEeE2/Vxxfs/j8HPWFMsuU3eLVOeZ1GR42LTNVPnvOD9ZztGyxNzkTNbfVzsRGRM5hqXrrzfJJD3WJkEBFinsA+YNHgqUX99gCP7q+2s+ytFow7swZOy/gcYElzZY1FELXbBIZ75qr8VQuiwnmoii5OH+QULYInVFkr4L+7ktjbiV80ZrMjpQsLA+5eg2icqMTHBMKHOYwg5oI93nqNGDGoMMs6qzb5qaDWMB6FMEFHIFIutOzfRBADoAXnv08/M8akjUQtpwLTva8VJ1HxKE8kbSL3g+3CpeYpKI91E0ll2+fzYgVPHMmyuYGVgQI3K6cc7noD/vA0XV68tY/Oz4VZQK/psDSAQii1eWqHMjXOXNzEd22Uk/UuYzqt9nGYyFSzWMxEKEbSXDUjMqrpqDIzc1A1Zpknn2b10xbJo+o1twBveFvRSCi95SZmDVkRni5zQ/UyHt/gYOGyF9x2H8v7xhVfu34lmsT70K6pY3FzDZHK7SiloaPB5U3AOCBAV2DKMlivWMTvOkrR2k/LHdXohxDdIDhbcm/3+ZXGIKa1ztbokmri3ATUx0rlfHbaEF0lDKuTdfnKTXgtDuLauLdx9wUujliuDP0WUBfvd5Nup1Sgm1u7VHgxgMZ+TQq/xzngKurDGX8B4Qnsia1zplbrRFkGJl4X+d5o7FlfkBORHUZKuzx4grItFb7iTGPjZOzKbYE9w4d70RsIedbAOfJQJ4zokEm5hZNkhCsFzTJBDDf/ZIGQRdYb6dKVcIV4sk7it+97XCNe85lugujpIZZX8Yc1KCSy9lGosPnDuVVFTjWvuKVhwxhBQW8PTYejzHMLH7L6TLFZxQcM9OOdwhhL3RsU17bU1HG4j+na0FgK8zej/JKvhvZ5H/F45IhLC41z/ppYHP85lZE3wcG7Raiyx3hnjLWYe8J3VIF7g4TgtWxPC/m450EVtegUuDiDpzkJ0oQz8Axkws90F0PdsbXKyKg1zpJtyuB5w9gP+KRqyKJDylaSTbUH33wsBSqONPoI9/9uwrpkRboFNWQZGn2XOkcgtnE0psg78JkLOp6ebsBiwHCW5JnHhw3MoucEes6rgVmY3RTOURHiJ+Vx5OAfs8uZf7fn87ix3sw5i5DHAr9gxIm4i4Syh+Ykgcy+UYyDDrE9qmHlK+5ZxI0BPyGOpqsTUBRzkMzzzJ1hHvqBSe+qXjufrL9TFAksdvCCPMf/ETyCn5DucOSYhpopmwwV9uExgl9el6Zq/2zIJoUAjewymPcO4yf7vLS9tiBS7vkhz3GB2fXH+qgAjiF5rZZDReAkVcyk9+xG8f/OzgY30ilLRTSXcSpzHY2UX8ftlwXPKVgukkYQfyBkzf8Xh5XFbKyp0dt2VgNzBAkqwno92WaXIoecSWvVSZrbuRVX8LFq1YPmYNysle8nkoNsddEL+5XPtUjUNSDFV2VEhcULb+ePxVEBt63NIJg3i7U1XqUhYQHNs7X693rx6YroF2vybTDjf8MNHY01LvnyIuECVb60AnVrQHjZozuKkgAE5sLvB2HjbYCnGDI3dWec0qadfrDStA559stl3WIc4PyZm5dM/GT98ckdGoi4ugAVPkSIQ/ziqjmNPcdsz8xGht665/KIcav1G78+/dhxIL6CQMffM8dRP7suzYov27uLOmgny8rnhHXd9rD94xwlCsDMI+VqE4w/TaO4Xd/TEOImVEZtG5Z64f4wBh2Nykey7z2/GQfGdNDsNNdlcgAFFqNIqfGZXwSaS0IJi1Pkxg7p2TSccJv2jYUj0oN9A8Z4IdfhHGHu15fOorFxNpBJWXh6fE1UcBN6uAqyKsxFr8a5diU1V0HE5oy/zYkAIlLacGauBYoBNBc0z9DZP6qwV0gUfE8NLa3L61J093sVhOM927xqWFT4V5aaekn34NR10BsyQOCtMXhL+RR61XljzYW3Ylpi2DSloJ7afX1UWkLI1TPPE7mun0YZRHCdyb3wNAixfGXPcMi+08hBc19+9oG6kAS6FkG3e8Vr3THIx1wjqLhwB7fvqPI9AYyKnAStmJl1nNShfBH9+iWpf9xwjGwo3c1dYKS148Y6G1Iq4NNZXQ6JT4W0XV9+7WC+2Y52frrqysY9OKfRyccTlPJikmInE/QTtqFMX5Lx1liK0J3wMPrw4IbUF3imD6i66XY3UVsV1WlxTZJmwBoSm8VVl5rp711JydzA23B+p9QTJEp9jut9lqVlH5uykLc0JPfO1YeiWdEciGAIYsC9FIcwyuCP+MKvIrf7DgO6w9yoqz3zKyp0blwEEwg9hXHDtLB0bIWltWqhYm74osSyD1wx3ogMk7ALu4W1dpGuE27tCDMVcpG9DWETQ4MIBWm7WgD6gXc06Vd+8dEjGmrjPLkZJQ1Vg7gwK8MQBpxtzKeTigSMFMjo3HvXAGYkZ+dri8DukjI4WQKF5Iv2WfJg/UUs2ziNg6NfJq5BWgN1xRVv3TlU+skw6ObxNK2C6YiiKzdLoO/D2SRt/5CGU6duIvmREBmri8cApG/j0ebICkcwULA7khMdOpKoaIDXlddMHSdUwYQqPBklofgVaiwL0i++KuwvKsw0kZ6RNj6Ru31oKd7tHg0IlCu+8W0BxsTfdtygdxzdw2TDdArnnGsK9nmBNkXZ+4RDroFqLKcYWZ5kBZtccwOQLkyRjpindLk9odDE4hVsDtnhaseaMM3j9GZ6oHa5czhnQj11uyduK1jIdaFU2p+ku0N62s+m7R8Vzao+2RlHaba0kgUd+r3PwX7oEPkw48cjcNzDdiOjCZFq8AVfN43O/vJbmt5CDoQObMGR0E82E2xXmJZOnZ/wOY1CTQ6A5jYc/KhKV9FuA+h9eDS/8GTCZDQYzJUrhav/XH/jGDHEqmVAKKaUFMQKj2sxYU/ekQLo0McccyiKCyNVv7CdXbHYIT+PHQDt1zyrELtH/qYY9POlNigHrt2MvoemCor3npmcpKlVTESrGnAqX1RvUhMTrodt3ODwYBbtDCOB9cTyf8xGANLx2AzmtdBiyVDMfSfBBApMvIYvrJWAM6W5Y2KWe4qSbsMVEaeINbl9YVIbMO+FZv/PSfwASgBsbjKqhlVZeod2DDwGfFZLsWr18mCa8aB3PZxKdXaVZXAQmT7HISRyMzWdS/m0fqh4/K9KD15+pDttuV935QwhcFeiuw2TT/Y+62LHgRPKwsbcKDHaeGjvIj6qnSh7e2VMHlLi/6HyGlvBe6r/mpcj1NU4U9YfgrLw+3HgN88ReZ8bu733idRqn/CDEmuWYBubxACLoTB2mGh2SMvPmPZjTJa0cwVWNm0Z8WvJYO1WIgpaQpZyq9JbIzlUucdmm40uWSPOgpYwNWTyIw4Og5krXGVnOdwwIDYV8Wb/azNy+kuksOfp3Ikwbw1kZ3YGlsJs/tWUwccO881/mhF1S9BBnrNi2XkJVYzl+JWGEoxqWCfHdFVtLkMN+USfjiGgpIYbbSzZewvSMh66k5HvOgVIwGXA3aBRkRjhALKlM8EuJboSb7pjx/qExz380UGrK6EPbOCro8RpRKp65V4EaDpMtfiEXix4d6F8/mVSNmUzCxeLwnF05EwdnEoF0zPgQfYKA/OAedbFpW5LA8IsECh9QAec4xc6RaRlDyHB4+1K6fu32XruEgbE/hrwvY3nvMoNmYNAJEZ5mmCyJsrz2xsixvPvRdp4yt1bYTUMrUYrmp3jSwHAIGGpeLsHi3IjYbXhlPCtGhXMG2uUSpOnYLTIKL3BOvGWiMXdlB54jduWrZQNP0/IBMNoBZ/jrU6jA+vBfuGd+Yrld0mYPog6Gr/nI2bEo6TJQYe6JuX0wCx8gsAsLHTY6k9vumhnf2uVSOQBWjGrXVxOjCUFkEnCRvX8MDg6kwq0q5IbMeyfWGsCS/HPFldNaZousDGVA9PyCsrWDpfwk/jS1H9dpPVqDbNRx/yTHQYyFWNydHsMC492MIHE6xadvAfdr0bX+Ia5bfh7tz8fRu0LOZLTwbuVc9CggRQEHeg1vg9HUvmyC/fJwgfx+qPQ61eenaSf9ALJLblgxEZwjgMfFWyQAVKdBIeUYAwuPMt4UlGjay9f6HNioh67eUu4yhPRH3PFAaeK33YLqUfd2zykfx9222ZunswmFLHyR8XkF2LxhJy7zUGC2iHcPmfDCwGl3xOpqbxo0Y0ApiXp8ejxObRkru2XDoz1zlmkJ9YJxjPA7gP6OQ96VCV6xhM4229ffK9lwUAbUq1saDSwdwKZmXe7X3LwaKQgxjkQAMJTa3mLyC7RqwvbRXQnCW9f+WNR661AcB9or0GDm6xX/uOaFYRjpn6kZVXcHDbbV1jQdX+gI6b7pqYZai6B0RiLE9A05Gq+2Q49jiRqfcpiMspMrkhwkwECfvFlBXm37ZIZHuLdolsyYytUkCsk2iJDeGE2hxOBl0zQCGbffKcgvDnL3NphID8bbpbCqDbuC1qNM66alBNpHMHmjgXbbYVt5DGbeWL5VytoQdCETcR08H/B60SOsh50zFMlnORN1fUGKDQn9ef7Navt6vmBMV84QDbNzuwF5YUomawrqs5ZsQWUfjHokxh1M4hf5d9znK5WWwMLnBjqhONJjdCPuauN7/pMrgXe8hWQflCKpKbb0sy6q5loCZSjmeC2/b7iS46sXkTOcVteorRf8yPBRKiuCJbh0eK1hLq//L7E1bGJD3ZF/LuiFvZ9mkHnUxSXrdYnhA7gsT/o88mSw0cQXMggVGFWtSMyNZX2aLl9tBwgOpRPAzSkUA6Vw/tjfLuBuyY+FGEV2ctaoL+Tj/RArr+bppDQ3haP4PRIr32VimvGFp1cbVYlkcmo1cNh/XYWtgGfFkEoJWwdCFdAlC6GgEwrwPr0mUj/I0j6zXlAbsKJg0G7GNRAC2JcG0JoINsdiy5KjU+suCaoIVVeJ3/9we13IEyl2Xio9L3pgCaXU3LNcswqu7nqW5tigwvmXCmcMo59f422R/EgLqc7PDJQAZiGeW/u/3+rKMlH5xuCNGKuAo2yDQ/EZIOTMh/TmPSBcWCemStRoUDzVm5K87gcqGF+sFhC8/qskf9m40eJM2YGB/moQPXdk6lIHnIMFTknb0iQ8lrTfUJxL9t112uzR/PB43IJ1/QeT4LfcahyIJHWeacbXDs/hFTaGO2/xjb9mBF6Lq+hcsPbJH8C8+8FcoTC7jONGWjKqjq+dV8RNfO2IJ1UB/EJNHKRlcQ3IfXejoI11ojPjrWcqQ3cNrocgKeVcgNnkU0T3P2qsrVYNnqlKkEtCq0djaOHNMXe715jASWp4CeQuR9z1dX9BLT9ZhoENMTzR3ClSCoL+hYl6IIm30cpQ40n8tXLtOx68CFLPwmlAJjWLGhFjIA8baCA2oKPDxRzhJ0YtVJSkzX9iWFiQOmPghxD/IQiFqCy53XfBsOuSPGEucXZKbPtaNGqqOgDIVgFgk9g8UNJaxBWtO3qIlzZLGOysZHkIubNFaVOcZnz640OkXZ32if2yhTdNco5AChrnuD24WfP8+a8W+JY4hEwC/oD7CvM8iIV2HZnvGqII9UDa1tsMIaT2FkcUFhP9pw+4mCW+uCjoai6QiLJgMvmr3vuojePrT1Tn2GlIdmVZt9o09Pq9PR/V+Bg7VI5kOGzpZui3U7pSw0QkP78S/BpB1S2sias14VQsrF/4laZKjJXhlQb7BfKvcm68xxsDFE7gKfJ8vED+dT6Prq/JUfkMdDn6qHNJ4IFhMiIhuYiA+tu+yV11ayZr2iiTLXlH4eVsAc68Vh8WKZ5ekljwK9bw0CCYYRxaizjSq1B4nJJFeteHan6Tv9kPErT7lNg8sDr3OCIuDVq8JpWP7+9z8TFKZ2TcN5mhMG09Ih+H9GlVeHhm/5TTs8oWZm4to5taZudcdx5Blnjm21+eBO072hdX77g8GWg0LoC5V4a5mBBELHdyg5j3AZ7NLK6yRiR9bZ0GSvEMEG6M4/r4k0qRfdm4eWjW0WPIs17Svc6h5mqla45drjYcvAyQYKqgc7PH6Bju/Z4HTcZEnVhxuh56s2oA1Lz3uARdpd/a1b01JKi9ie+/MjsiIX4PrH8zOpfK/vj3iEBqDgHK/xwuFVV3XyRBYXr4LtnsrGAY2keCSJMVl7qN/qTd/bVhF+AURbcivkJpPRxaqzteLY32ZeKezmVB862ig2jR3c6SF+Hqpk+oeh1BNERH7PGWCyGyx9m+2skbo7PMnnRguCSVBRTyhhkMXRv2sBSUDwSNfiwVak2oJw/i/qS+9OQHopDsaDn6CjneQuN4AKfs4CyFz33GRjUxALw5K07dfYzrPhxgrvBklueERPn/VtiakhgQ26jOSTser1fj/5NIKT3UcurxfK5tcaAGvg4J/Z7pcSQmx8Ifeq2ZhghLE6GbiggskR/mFqHTMf74xbra2v9cBWpad3sNcrQhKfscrXNa67eva9yqSpbjVa83q31qV/oe0EbBuGXHKvOzt4cG4TEX82UIgXENZZh4/6H4GuEtHhkzodKIyjKMl+oW40uZH9KcLomis7SAmt49SaWfZ9+mHE7NjKiFmjnsWseDY1gOPYt8BAFoTi6X4A4/rsHGow4e7BNEppucCLttQVGPO/1ttXfRIH8mBLiQYrffY15JjaxQbb5Ef1diYFAnJTMF15mHJCYjlZYM7bqb6fhd/B+Id5uN4zkjv+//Vv8C/83lTYrpNAxcfPKSroMXRSqjr4V8El4lQBJiz80tVt4+LCi+3bismL05NbY4sGxCNdfr1ZdsGW7u/q+/2NMQy0EpXA0HsZid9+tCzkPOjZEHLoRUIiaxmATL3tO8VVcE7zFxYjyfX5FFyECT+9i7lhroPDHAZboP14FwkuFfXFUDUhlBB926xqZG8TOeiAJBswAOWTT+Lzktf1noRHxb5Lq7rXP1+ofq5sC8LHwvLxWfus6pg6ROBzIhXmYtQvT8Ln1AJEmMpfZV1EXnbI+2mbyNmEizfJp804/yU8UxRctfVioewoSxEv6UNlA45XPqlUbGkGo6MJ8hK69PHR9mFLRLr6RhbI11lQRdSl7/Codj0C/255wm9PBtOr47nWKAWgdcHYRZVQTzO4x6QTvsQ7mGXgAOE+vuq04qrG+BEdqnH8eoOB6EBbNc3HVjcPv7EUOftw/XSd+FwwjSJ39TjX+guCorZi4E6S1vqAW47F99uDZfAmQd2LkXgKZJ0RNpnEQI3whYpKSAhSjk47aRnZ5PgXyk4OqyElgiobe90T7UrH0dO7jMBmzNsqqS6uo+mb+F/6z7AyTqqjWo1+siW/essLql8z9UWfLCyjo7QRohrGMRApPmZhg8m2hhJvM8e3JoHMCrEx8vV7g3j5F9iTBf6DvY4GP/G5r+c8Jzccb1l1t6Ppp7qjJPBWl+BVRfd3luDAJgCYBobowz37vzqQMqLTb0d6kRE+sRzLsDI5T6LSFQDXUp3gQkmKoYKHDmRvg9n5RqMeG/b55VRVOHLTsyA2pZqhQNS+tn4vU+hEgcvDJaz7T6fQCIYskRcrXVJnzCQFh1iGb8nxztr7NA5FYFNnaqSaUDKEZTtamqa3qvwByIFyxr4k/NP0fJDTAfQHWMcnWebn+6dN0yJCMeqHoM5TD/mI0433eLV6Fd4+9QR3rMmX4jfmMI=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:44,621 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:44,621 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110144Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ02755f8-c46b-4f64-8767-f52025028e84|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b69670d8a0402853721460d81ad892d0|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxt1qEqYTqNaLOR+dDdjppiXjrpKOfrV2N51DTTBA90LQBgbuB4zOJEd2c4xb4GmUI7imu2PLF/s4Dy5L4zfl/7WlfulSySl/BPnDUSOjNB0JQrSqvBbTA3So4hKA=|_450bcfc550d15cf24fe90bde02f15d65|
2021-09-21 11:01:44,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:44,964 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:44,965 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQf4dd303-5b07-46d9-b856-697defea83b4"
    IsPassive="false" IssueInstant="2021-09-21T11:01:45.641Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQf4dd303-5b07-46d9-b856-697defea83b4">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>yXjbThRq7g1V2Tkw8TG4gcnRlKs63ct6sAQM77JSxnU=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
qrSYO+luADkYwTvqynlCyAdqreSjvWgNF/WoDrU9JMTsdBrOXg+p0VRdBjIBtRLhRIDn86tBSxU4&#xd;
5o/5sZqXeTRZbSp0w86JJ4iIWvJs1Pm05ZXuApxojJTwzrOnrYuqWuOWNhAYJgO3XsPxJ3J9xqr/&#xd;
4p1abK0eQ+HYU+M/BnVTPCCzLAFYP2bI92EoNRLt+2PfJEwlx/9Cf4FE7kHSwR8DpfM/IJyOCmGw&#xd;
8B01EPHnPWCzhCSQCrlZhtSWn9dsgj/C0OP7MnolrJNVOZJTK9DqszdhOQ+ZDNEd6MLknxLV3RSC&#xd;
q6ITzPLe8CTD92GLCHoCQZwjhgCx1Yets0gzxw==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:44,965 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:44,965 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:44,966 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:44,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:44,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:44,966 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQf4dd303-5b07-46d9-b856-697defea83b4', issue instant '2021-09-21T11:01:45.641Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQf4dd303-5b07-46d9-b856-697defea83b4"
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQf4dd303-5b07-46d9-b856-697defea83b4 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQf4dd303-5b07-46d9-b856-697defea83b4"
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQf4dd303-5b07-46d9-b856-697defea83b4 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQf4dd303-5b07-46d9-b856-697defea83b4"
2021-09-21 11:01:44,967 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:44,967 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:44,968 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:44,968 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:44,968 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:44,968 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,969 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:44,969 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:44,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:44,970 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:44.970Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:44,970 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:44,971 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:44,971 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,971 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:44.971Z
2021-09-21 11:01:44,971 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,971 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,972 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:44,973 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@45505dca'
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:44,974 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@45505dca'
2021-09-21 11:01:44,975 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:44,975 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:44,976 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:44,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:44,977 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _cdd9570a224f4717fe0ad9c40783532a
2021-09-21 11:01:44,977 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _cdd9570a224f4717fe0ad9c40783532a to Response _b1cd4ccd206e5e5191a88311ed189870
2021-09-21 11:01:44,977 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _cdd9570a224f4717fe0ad9c40783532a
2021-09-21 11:01:44,977 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:44,977 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:44,978 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:44,978 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:44,978 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:44,979 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:44,979 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxuKD/Qj3DGt5VBbjDsB4x1EKYpmj4VnTjoPhyu6FqoJuEAOOBJmvucGd51Bkl/O5kuQixTAjMyf1NeHRdHsSSm8X1BvDfe+6xzIb8EAasEWzrf82+9aCE5Ub9xhw= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQf4dd303-5b07-46d9-b856-697defea83b4
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _cdd9570a224f4717fe0ad9c40783532a
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _cdd9570a224f4717fe0ad9c40783532a did not already contain Conditions, one was added
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:44.975Z, to Assertion _cdd9570a224f4717fe0ad9c40783532a
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _cdd9570a224f4717fe0ad9c40783532a already contained Conditions, nothing was done
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _cdd9570a224f4717fe0ad9c40783532a already contained Conditions, nothing was done
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:44,979 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _cdd9570a224f4717fe0ad9c40783532a
2021-09-21 11:01:44,985 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,985 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,985 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxt1qEqYTqNaLOR+dDdjppiXjrpKOfrV2N51DTTBA90LQBgbuB4zOJEd2c4xb4GmUI7imu2PLF/s4Dy5L4zfl/7WlfulSySl/BPnDUSOjNB0JQrSqvBbTA3So4hKA=
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxuKD/Qj3DGt5VBbjDsB4x1EKYpmj4VnTjoPhyu6FqoJuEAOOBJmvucGd51Bkl/O5kuQixTAjMyf1NeHRdHsSSm8X1BvDfe+6xzIb8EAasEWzrf82+9aCE5Ub9xhw=
2021-09-21 11:01:44,986 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:44,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:44,986 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:44,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cdd9570a224f4717fe0ad9c40783532a"
2021-09-21 11:01:44,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cdd9570a224f4717fe0ad9c40783532a and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_cdd9570a224f4717fe0ad9c40783532a"
2021-09-21 11:01:44,987 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _cdd9570a224f4717fe0ad9c40783532a and Element was [saml2:Assertion: null]
2021-09-21 11:01:44,989 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_b1cd4ccd206e5e5191a88311ed189870"
    InResponseTo="ARQf4dd303-5b07-46d9-b856-697defea83b4"
    IssueInstant="2021-09-21T11:01:44.975Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_cdd9570a224f4717fe0ad9c40783532a"
        IssueInstant="2021-09-21T11:01:44.975Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_cdd9570a224f4717fe0ad9c40783532a">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>cSE7YDEfUJTJbZ3+TqkbpN5qz5Yw+pnMwm1EeY2oDK8=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>L4DCZr/R70npQFS79DUFW/gow0vWWJI8UQKMTabhsYqTJnwaQOUBY2JQ++RPEZ+43rs/Zfv4Zevr8Nlkn8edZWR7yOAtTRMDfggDexmYXezI2WmEwpVJnyEX9lBduR/n6EPvitn/gM0GoDCS5FEJRtvixc3igUnBNccco8w9E+LvHuBPe0EkmxRVNHeB9pKGyrVNFCtqtIUeOxhbdvUQ5tFCLNaya8rJr7usywHLZVRo8Z8C7iROB2WF5DZeyiBjuWDxl60ofOZoN/yGy0djGCMEEhv8sg0ixEYbJy8jgEfyOc72auZTp3QtwJi2+rwhRhtq6Ne+vzM9TaWutYdSOw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxuKD/Qj3DGt5VBbjDsB4x1EKYpmj4VnTjoPhyu6FqoJuEAOOBJmvucGd51Bkl/O5kuQixTAjMyf1NeHRdHsSSm8X1BvDfe+6xzIb8EAasEWzrf82+9aCE5Ub9xhw=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQf4dd303-5b07-46d9-b856-697defea83b4"
                    NotOnOrAfter="2021-09-21T11:06:44.979Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:44.975Z" NotOnOrAfter="2021-09-21T11:06:44.975Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_f30a60bec037d3f62adc8009d192f05d">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:44,990 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,990 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:44,990 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b1cd4ccd206e5e5191a88311ed189870"
2021-09-21 11:01:44,990 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b1cd4ccd206e5e5191a88311ed189870 and Element was [saml2p:Response: null]
2021-09-21 11:01:44,990 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_b1cd4ccd206e5e5191a88311ed189870"
2021-09-21 11:01:44,990 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _b1cd4ccd206e5e5191a88311ed189870 and Element was [saml2p:Response: null]
2021-09-21 11:01:44,992 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:44,992 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:44,992 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:44,994 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_b1cd4ccd206e5e5191a88311ed189870"
    InResponseTo="ARQf4dd303-5b07-46d9-b856-697defea83b4"
    IssueInstant="2021-09-21T11:01:44.975Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_b1cd4ccd206e5e5191a88311ed189870">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>L+GbTVqW+o70OAXmx3BPctbp15tZleRvt2ikGfvLHDg=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>hkZwyCCRbieEW1yYWAb/F3TCvKNAd/MQ6fuNYfTNiWhNXCC4BsFK+kxTUHHetv1IiNG7Fz6pISxKwOKze4wPWwX5oKYH/JvIWC8ExCffcN9Y5aInPlbPfaglnhzSdYJSCEIE0kDhTS6gPTwfaTZqX29feD/UXKave3VPT5zIndQD5gyKPxbRgBtHfgYkEAxns1M5hXVjYCqtWmHRAs+/RV/BWbWZkLRHs9P8fsXjjk8egNFO8E7qQaSxo51Wpa2voM0E7juY0mu+5nnGdq/fE6dCWiccIKDDK4cOdFerC3iDnBWnGMiK4tIUMpy1fGiVMruNvbQo0FIn2iZ+j25OuA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b239034d4c645750b54e07a663781bc0"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_2270e0c11ae3956e7a09955d8b3d8252"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>CGJ7TKMgKLQ35y38x5NybAVVquTEMokMni92zTqUy7P9NXd3WpF5ziFCWL27OWDSjBqZ/2Bsij7inIyD8y1prUw6cHXxpXywapjxe0K7C9NjmJvficVTA60aODh00hFsyQj61HF0fnKZc2t5zvAAcQePMHbJjv1ygNgkPEllu7k376Wd5wcQ8j4mZu3SI42n3rleQY6L3H9flZNX+VWIqlNfPHvUieMeWNglgjpevdlfJFLXHQqw9DzKdoByhEiSuk3vLhnRh+yPf/qynQ00sYDap4nJp/usC5TFGnlmGVL9mzzB7cNRrQgt9OBhbKOAUuq3FamzJ+QfcA2aB9Di/w==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>qwk/+SIY/FD/UC7Bk9YUkY2rycCXpzWSGQaHCE3r+jrE5XqSVK9IMKIa426Jj8udYmMarueXii/2igQzphyUoGgdbXuRWAKfNDBWI+vMWpdx91O2+yVY8gSKJPtw9QQYclF6gOi2xtP1o+4kWQSwc6S0zQtCIMhNaNzgP4sSniEnsIa3Yp6h302f1IWRER3PU4pHJA9oJHALfFxOP2+BKun3LIby3cVgZ8JyzMN1Ee4dnLnv3KnEdxh+MUUAm5wsGUD7Zv4aKjrH8R8J7e2hehKYemL+lc8aSdPWkxpaviPygRjLcddGqvdcbhxLEylbp/FeyOcmxQbRLYYB/ir2QV3JTdlGYU8nFMEGGsT5y86v14vmRyOAUF2fGJlyZA5iPlvdHQOOdD+ZXEIamzOQogmd042KJWAwfVlSOuv+sAMEVAWasyLhg5HWoahDSYFKn3DSFqakrK8e5JUKhRTJ0ap0myJVPBL6ZSfHgZCAEySCe2L7Nl82Gy8YYia5TSWBQeMRPV6okWnciMl7BOH5Vb98lOUwxLsitF+LXhpPhE76zidBbeBUCOLWkVcW7hGJHytSi0/1jvFOx6rUc1LadqgaWxTfrgbbizO7P170dVF5kg06WfZYFFekmfLAlii5HVHENaM2qEK1gMHqtNlj7MH+iFmVR1afaiAIqkij4RYnBdJMMBkpHLh8SyriGhWwKG37MpeVyxOTEkySYgAAvFjGaWoO+MtY5ZP6c7kpcncrk0HrBgENtdkL9fFl2tL4R5WhTj4Do5O1rUhNSq95v2X1bxD513+QnknUlPrhRruiVCpVjx4Olwlq3ButVoyZJHysYY6pPEBEgkP/hKQC+4Y0SBrwVfFlKqTPWZXxDj2XqNW9riOnkQAhmfV/TxQdZhNifH4GYGoRASPrdIuP2YW6AtCvdgtxXxNrwm6QDYQepBaFW4bgNqli4ilK0A52bEiUV5/tWysVRFTm1w7O3NG4WSLo6ZKO9zTzLrTTDyqGumicAvoDy0sAstvNF3++qayjIcF7jzoNmLBUKic0CApVP/KxelMXEJWGAuRRoSeNTNwlpXx6Xgewi2aWgd3cBv9OS27mKSuFY8D4VewCWLd3nyDAZ1TbOU+Fr3fLIWXFCvf/tBdC9BypSB8eyfGGAYrIz+F9v/bmksF9FRDVRKP43VCpts4WFF4PXrZnf8nsyboLFtlAYn8Net2kTtLZC0Wcy3ufwzp4t988QqvZizh+l2CEPKpS4ZMmeppkAJR3UnpGTOIFW3t22do+2PHcbbnwFNXRcu1QjbRTX/81DjRgiVAi88EICLl/irf6seoodPlN71wunQzhb+CMUebkG+upIcHR341wiMW+lZ521cRBiKZqSAzv/B6setju+ycOMuXQz3GE3xM9fJD5kuArwILXYXPkE7mfL38jAny6HHfTdWUEUEdaGcPIBjvvNHMVDPB9SeZKZ3OYiHHnWyN8YcErAfuj6WKacJAuOGPCzMymvTFHNPxaNoVcIbaCkBR7OKsNs5OHwZbUu8xMh47WGr2/9UbtYhVEeuR3Scpe/7QhVtV2GjJaK5MH8Iuv+fxIRAHdLEb4ABaFnkRmCUGPTWaL1KjkqcnEaZmwqMR8Oy1ainHAtxQYSAdCUpN7wWSNXE7ati+Hngfxdl9rQTjRmg8tZWjPHGmnv+92NtHlATFkz8yyPdHX+VUPQC+W6ZkT2PSp8R5n/3Wxm253gHdqNtDEO3mL1ahc5NMRNfoOHRbAho0cIzh1YCLCa9WnJ1f2Piu2aIfjRHOdEIjVROBFY43m/ekqrploB52BOJElGhAsrnpet+A+olWtC6jJYoaNpoh8DFJ/iyF6xTRwT3ZUepEW/SiCUfjnivuQy/7ZZSNQXEoY1Vbh2K6AsusKdvp0ZJbisJksFUCl5JeFruu62PG98gktW5FTH5xBBR2n0bdK/dGRjFxwRjxv2Dt9yUIvq1DJurD3eBYDKWbUEOq4qw1RAeoCG92ESAnYMgHPersXIHTIebMhRlRbtAoyusqxlhKxwuWQh9F7LuV2g1NfINgjpaPXbZowL7aZMnvJk1QS4wsYNpCI1lLIEfJLlYActP/vs58jAPWsgfcd5Ttk9+6AmQa5fdSGNnu7GP0BOOvi5C/kn/lNHpbIjC7JvSTDQt413BuN461ydpgLQQVfTWLc8yTNV9Ln7WH550ozDY9JQEJe0GCoyGrfAv7M+83VU5B1y2rFTCcnZtYll2HonurlfWOCWdSTAPff2benifkG0HyXo6PlmQmVf99P/4AEKMMhyb+zhFm8N5Muo6bVl8ztgAMmlIQb1rxc8NWTIpCgbLB3f0pTnnIkPt/GHeeZ0bObVTYcASMQ1HJ7m2TQXTw+4e0SStwEHEN1crM+bS6mbCh/wOzAAApdLkDNm6D9FZLPYTsDkeg85WtSNtPAIKTSyOojFQZsXtDSYRp3YgBmwKv9Soueqrv8OY9uuFGPAu5Q8YU+4a2zv5mTPrHybyKs1AjW6O9M4bxvVM4W6a2chs6x8IHj8nYwnWqVpg4S7TMt27Rg0tf7n1+kUdDgTqMprJBRmpyAC79+AaBDPxoqcwNNBnmiKPSHWLFwKfs28hENKNsXuoqt5/e2tG3Tkgo1BjpYuyPyZEqZWj8x3zJkY2359BvSS6roy+ZMhUIHQmiBz4pX9yGSc/qmWa3C+v8rrhEBdjMMVJMd8PgNY4PtO+AwxR//1CmmQs/KAIAqQx7vxi307ETe7T8OsuMUXzsidyNAb4B28o8R71ejlG7XJizW+R4xTrzsTyxXzGXxz+4tOYpISiE34HrjOI9BU2bWZVAdTTgrJ0MSXx4aNwovaEjAL5ekcsVjLYtx6aoeBLmiY6YwnSsZ44/DFAdB+Xmt4s6w2d1ftlBsI+C3YFzM4KdS+2/T/swPQiW/yemZ7N/leH0pooShe3YEen/C1LQflarEH+uhYrbk2rYcFa1gVg04s52VX9VJtFIncW2dhni3cAf54TcGLRyvVrWmPNUjacqB+G9ShM3Z6gcvpdCCxiJ4uFZFDzxVFpzeky8EdvdPYX33+0tuZlTcmCzFlOg3ynXmyAJcDZGXQiCE4FdDUQk835FWW/yFNf1ZYf5Rl2Yt4WdWpZQeePWGnSMtryzh4Fu/nH7u9gVzjy4D1jk/UAkuoHlXwTnDbKKdGuX8YYxy9GSH/fXuy684w24rWfQnzVqBZd74NSxe8sDR7awgFqFke1VfIco0GVaYd868qf+RL3/UFuzU5euArXWPkejdm69Xr3udoJW8UhHIdAKQd1wWl+JHOIHrz5b7pQMGsCsjkVfdwJ9Cd9aQp02AvU4kgyUpIQoVnVefKBi6UcEszrV2i3Vew1qjSXUi8SoU/3Vtx3045D+72797KGft+fl/EkmLCn8qFqVClT+ri8LGAcMQQaeIsVc0IGUJi2kGWS4H9saDr8/ijUzqmWKEJClDegBEB362dyUxll+Q63pcWOgUlp3yot9ojxMJtBzaQ+aAnkpbevCimBp6Ce2s2BOZDgBTN4QwYYy+naPsX+nWclFP4jIIPp3i1K0xzfyiRoLxT+XykqBV+Xw87i7P349aVo6Sm9Awa/tcrPdJ91Nc4ALT3whzQd9SMtG88T2I5eeGYwy/QqyhH9UD6iKGI0rGBonRySrr69dhmw+tOagffFvCbEOdGUInEdjPCmsLTiJivYoQFKBoaImAkorH/glJuSxZrZ8IyKfmH1j48W774lfTxJdfPOe2bsmwGXzAL6ZK4T+WXOafLYVsvu3lk5XRzJE6dbA68Ia18P7F0mnxhL7W2E8VTEkpDCeZ2FwCnBotl/c0U+af9eKFDKrbW2R/4XpIf49Y9ej1O51Sn1R5By7geSCewMFzJBRdOK90r+cAz9KzOoWUQb/Td7Ci+WV4r0uMC6LlSRiEMrxFOFOgwyNYF0tJL1GUgS2TpTafeIEvh9Te29lL1j8lXDV2575IHrvnXjodXUofl00PBvpOyEvFwxEB5JSARRqGco+PLimYoGKIJrqnvHuTpAZLWEtm0B1fMmttsVw72YUwvR/ry4qCoAX/H+YBr9LL96Du6066HEs+8ULjsJTaRGqDHL1TVM4wgrlgpTmtwfAT9kXbriaKxTMeyMUe49sbD3eEkJVwxlwo/KLn9ujAk4OPAaw3vKmqZQhQoVMyb3jn0WGjsJlM0iRTS+lac8PgtNj0rKqb7aK7LEoHLRaFLtDGMdrrv8qkvLrTWmVj0b6RPUneqo30WNvPyLa165un+pHeT+R4Z9WjwF2vamHAWU8O71x0TmmLarnRc9x7Rf8DH/+piqm/oNEKmtxR44iGWb7RFDnGwpS1P8X6EkWOAAMEL472chhH/ATdKlHCpZRdr/l4r73p3tlgAEGZaf4kYYpMRY6EPev9z8Ma7YNB3oyEfE9SxAgRmTC7ZwU2QsA3Kap+FoyU7HBouhy05+g7PTtUSDpQOqbmsSeeobt0jn69617aEjVA/9Sp0iPfLsT1wmHyimJ9gZRze71joa+aYW9jPnai3VLeOKvkN94ZTH9FI0ubPW9k6xyAMaI/HWHZnn5dLoAWuKnPtPev3s1LX+eW0kwmaNQ6OME6SrrxM9wDTCHmnOPMUmxJB3L3z0Zofj6vXBKMNVQAAzq0mno/4bq7CuVhxi90uQ4VjD/dAMEr60eCeci4A5eBIXROan9kszklf+qPxIzQC2wc0t/rN7V9nTWg7SSTr7dSKKHqewkePdTn6ynhfvSO+3JlwzqnjuWbk02tINPqDV3qxCBhQfEDU1RBSVSFdFgg/YXhxXOjBevudXLD3qA/7+4YGH/sULSlwpsIV1uD//kl6ZSNDR03FWjIHjsHJZ82h0rtgLaWmNYAcn0iqQIinn68o/xgyQBC6WEaUBgUOyv5cYWhBX0j+f8tMBN/8uZHn1G+Sytqtru7jJLnJVkpgM1XAh2ipZLdgwawn7TiYY3P2CymluroV2soeLMLNy0u2zEERVtfaMImVJLsOLzNNSLTdIIFRZCJtSFah2oWI1Wx83DnM9Y9JA5rx94O6A6b0TaJeQUbrOVqyGpSP90d901r9wR7XpZ5/WIPkYchkzQ4zf96fQVWehGTBiq5MgwYVIqYDa8wANGKljXhRbhv20dcR8zILVVSkJx3jXPqtUUG6sJj+hU8V3mp55l7OJPPMsfMKRD9r2cbwU3+GEo8nvvsTk1cs2iFz7sY4I4jD046XNX2hxRSYSbeDBqLE0WL2tc+SJpfcuBHMg2xN1xrpCt96TspYw0lCQ7w8JbiLYErnqn6+QivBsNhX1fNtweKz71DEgeGAFhHDeTYXLA8QO2lTtTkvkJ3MeLLT6V6TxwUdqAJ+bHHSYbalEDM2NVwXYaZJKqLtFE778ITqSD0BdF24zi1j1+66NB+PwJWL0hpyrmB/shrqD2e/vSv6dxoMnxDcoLHH7RTgAMp2tKWaQPu4erQ0/P3cM2J/5yVP5XYri4HR9eImYrI6TLzKyxzO7xcUotyPpU2aTflJZnOvnl2E9O+SdNDRf/6Kx5RKlkKNdHI9iuNtqo8VNmnwqeXCr349jy4en/v6jczBB3OHJWFuhL+Qj/KT55r+XN2+6oQu1OTSJiBJgOyIo4wydlfb5vSlijou0q25udRytuTJaMzi1enL+dLOjYKhwF6Lk95XoZKs0XQEQoffHDTkv1KJsay8vSlbRWOW5U+9VAPHuPs2eVFMgtNdGVbpnTZRpGhkrSvRcttR3gTJEWqYzEXomyjzefdQT1FG/JeRlx8k0nRE0ql+pzp3Yxu0HN/dbradlPH2hGQyiWLuCOem8DfVAWjLi0TXCZH5mcN8jVqXx/R9aVQa2WSiJ7ZgbYzX1Kzcrjg4NsYnGhTf05GZVEqA+mff1vPXiiMsNJbwilzood1DddrAFDJz0+8tjM+V6Gg+zIBJIvN4Na8/WO6oEnLzQWZvOBJVvgXPwp6KfUtsvjlBxgCbTiqTCGhEVmPhUcZK72lmvNsa+UWIsQ2MFg8R5Po6yKLBMVVHs85hi7szTSqAb8IBOrIfd4BytqVC3apTcsAuMnGxNUJVOfrE3iYXUDjIcN7J8fY28dgktAPCJr4iWRpO32siXMeRdHB7thLjMugbWOQvSrRt5rtuzc/sWXcM/DtrN3HOFWwVQyPbqWwW0sBqujKUTWd+exJU/K4hiERIP/CzpmhOl9wVdu/vYjEZNEa1EXvpe7IFOy6D1Bcb5Yovra5MAz+DDWxcpGoEc+nCuqqzMIfpvcalIzjrlMura/GRCSix3EcL/k6Op4x17hnI2islQ5pgPix8yJFLU1itwrsYh3nMmaT+mTuJgafoWtbYDutX1fhrn665mXxkle0jmGGpLJK07hvXvFOurMtkm6k/kW//Y2ISHifWhtRdK8CPpkwwWKsHxJIC3WQrQaw9UIQa/+VTvR9A29+zLjvVSbk/8xhRpPyeHrOWu+konByWT2aUEpdo6ZtrnFMM5ruAoaLZH773UOIVIe9V7jKhc5FUNIzD2IqQvTerej1DyyDJfdUOOhjSchLyTDBgg0P8e0UmqzOfE9b/9133PZqgHLi7u4pdqwOvVuNJBATlQjnYI9gxnaqReSikPjv0MiYeCPde/cTwrUqAn3cB4dFHgAlID88tjN7tL+S8yI95U7XadW3J30kjZzN+M6NDXcp3RNu3UmNNx6/OxK3h9Y2CdJjHtH1e/CpFBHEuMAN5aUyOvSbVDqqZq0DTxDRiqTIkdtpV+6CRnf0oQ7BYfjEJD+dXrIVNhDtAZX1h6oTZTAADrunYB27GzWY4kP6o9+SdCpmOWcCmpfzb6LI7Hhddyk5OFdhqCTf3KZtHwTkfzSELLDQ7HaiHEjoFC4X1/xalhHBNWUyVgifhd8r5pEVDBPduRCVfBkk+6tj/gZaRVN2VuwsmBv+9Ld+BIrXjPpwlbd2i7hF3XGbCNls8Kklt5OX2/0CKhiLyGL1NgLtpqApRD/ncnTy8P/ApJFuZwvwVExx0Bio+KnDAoxL9cG2iVCKxzkb/D9qkBqF7HGJ550qeOjccXmm3olMO3gMdyx0hy+XcbzvwjQxIi/TiAbKxT7NGU1o09J8P62KOaOJuHUoVX4ttFY+dj6zwVSaiFO2eNxAWyxCCr2Y4AivQwPpYjDaoF4lW8tP/T6jR6l/Lt6AAv9wyr0ebeIpZg2MxINqOsg6HLSyooJseX5r4ZyHFK5CUF5fEZVWDfWQakyalhYWva5cXknRtjIrWRiXXXAoZR3VKaUIb9jMecfxZSyWWsD7uqqnr7ZmZ24oa/InHg23uEa2YHjYF//0QfU3fBxeqfzFWpQO3vATSDulDDQ5riS57lWyxCn/Rzd0Cfd76PARPlItP2atd3Dp0WU3NtzGLIDoS5Y6Rc2fTerw2SvMLEGnEGZd9VQ6o337kAvbAcM1C9fNfx7RahRffMc/8nl8JDSncgMxBxe8MYjJX4LRD11sMyGkgbj36r8By/xtb6Qp+cc4ncf8MOaZ2EetzUhtRbFbCOe5tq+/iyWcsNhL0za2pujvhn2h/FtAvO7zwE9y2SExn0bdw93cFbyMXvWdP+SQ6KCbtJA4qjShP932fO3JCwTrrZwUN4/ktUizCGCdxva+214pJVfE4++KCtx0c03QytuLVv0DRCjx0Wriut1IzcWf9PBrYoWJJwDzXpHfow8WbWzjYCl/RH5DnAuH2GbTecfKoCrqlVicT/SUjIYDvQ/mpQ0yINnbMMVeGerfJmTifwfQZ0mKTHbyFSdhUQK8IJ6zOxi6SX4Ey1M+8pyis+3JAEjIdzYeJrZ7DzdZhqBJQK2PDIc9FHOCv4WmrG37lZ9ejxH8upgxVBn5280dBG9gosIGYBY2zWa+Gr7jpvci2gNvAd9wptOxoCGIv6F/4TvlpcZENlHx0lLSkxdUVEHiPjw5Fmktri0+m10XGH12rsnDnq6Ybot6ab8a21VErVEFc16F0LIWZJscJI5geo21ZaDhxp0X3QqUOPdDSJtfdsGXNnVqHCm/r5cqGpkhCWmvpAf0DB44+89IBbcRmV9EK6ScxGhy+8mUTJg3KWy+IoGyamwswOS1vQsA0hH+TfP8G4v9JQGPb2CzTxBSXTw2DiaTkf1F8zWoWHD6XRNF3xDJYtdk6BcZJXaH9q7HOilL/dZC14QoSLN564QR+Czs+2PXwKb4s2BDRhUxrhga9C1FwgmqaSpMwgp/xc91sjxa1wgSI6BXm4yN1YfWV7upDrLr3bU5Col9dfjWl4WWhURXZe72h0uolXG2BtScE28EJDtkLdrR/MIiN7A=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:44,994 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:44,994 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110144Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQf4dd303-5b07-46d9-b856-697defea83b4|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_b1cd4ccd206e5e5191a88311ed189870|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxuKD/Qj3DGt5VBbjDsB4x1EKYpmj4VnTjoPhyu6FqoJuEAOOBJmvucGd51Bkl/O5kuQixTAjMyf1NeHRdHsSSm8X1BvDfe+6xzIb8EAasEWzrf82+9aCE5Ub9xhw=|_cdd9570a224f4717fe0ad9c40783532a|
2021-09-21 11:01:45,326 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:45,326 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:45,326 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:45,326 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
    IsPassive="false" IssueInstant="2021-09-21T11:01:46.002Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQdf93925-3741-474a-8d9b-82e9d5fc61d6">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8VSsvmsNj0smu+AdodVy4rEmdo4bGJOrisBcsGwOfuQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
QXyDTOLe/8DYt9PCOvwATvHs3U4L56KZMyjGlCu6z7jWrLe8Qg9YmhSw6DM7tvJbs5LztK0Z205N&#xd;
2PHUxDeAKfvtv2YFTdlI7PUEw5k3Y8lcVSomya4RnXxhpwn2hjfWoZbb41ppqK8OCWjxKndxUk8F&#xd;
AqtvKTBGSJgOfzoDkuhGlyoN/xZR46EsIveMSBjB0ILxBbYAuSun6ZfLcqEHlWwD0eWO2OEaVGLi&#xd;
P9GWwKnQG4t76JaBv0Ur6ouHuzsyNU/2GwGGvl0q+dk+6FAlwlnOumX18+evXyGhaVUvvGHl7UPJ&#xd;
djCP8p/URiF/DBArLO541jcvHI0i++BjsAd4mg==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:45,327 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:45,327 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:45,328 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQdf93925-3741-474a-8d9b-82e9d5fc61d6', issue instant '2021-09-21T11:01:46.002Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:45,328 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:45,328 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:45,328 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:45,328 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQdf93925-3741-474a-8d9b-82e9d5fc61d6 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQdf93925-3741-474a-8d9b-82e9d5fc61d6 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
2021-09-21 11:01:45,329 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:45,329 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:45,329 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,329 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:45,330 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:45,330 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:45,330 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:45,331 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:45,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:45,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:45,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:45,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:45,331 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:45,331 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:45,331 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:45,331 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:45,331 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:45,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:45,332 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:45.332Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:45.333Z
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,333 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,334 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:45,335 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5f6c4a18'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,336 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,337 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:45,337 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:45,337 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@5f6c4a18'
2021-09-21 11:01:45,337 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,337 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:45,338 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:45,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _540503191ff5b72d796a5e48dfffd4e8
2021-09-21 11:01:45,339 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _540503191ff5b72d796a5e48dfffd4e8 to Response _c4ffd3ad26ca866abec59368f9fc92d3
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _540503191ff5b72d796a5e48dfffd4e8
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:45,339 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:45,340 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:45,340 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,340 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx/hfq/nAWfET2hcgrqAdrV7k6Ejq2ukCW6IsuSB51+1aVQXFassfaxhMhiQHma3UEYwsxJ1ALYYnJWP5TnVDB180nVDxNpNM5STrrG1iYiAiSx6N2IyHbjtRZtMo= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQdf93925-3741-474a-8d9b-82e9d5fc61d6
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _540503191ff5b72d796a5e48dfffd4e8
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _540503191ff5b72d796a5e48dfffd4e8 did not already contain Conditions, one was added
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:45.337Z, to Assertion _540503191ff5b72d796a5e48dfffd4e8
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _540503191ff5b72d796a5e48dfffd4e8 already contained Conditions, nothing was done
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _540503191ff5b72d796a5e48dfffd4e8 already contained Conditions, nothing was done
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:45,341 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _540503191ff5b72d796a5e48dfffd4e8
2021-09-21 11:01:45,342 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,342 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,342 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxuKD/Qj3DGt5VBbjDsB4x1EKYpmj4VnTjoPhyu6FqoJuEAOOBJmvucGd51Bkl/O5kuQixTAjMyf1NeHRdHsSSm8X1BvDfe+6xzIb8EAasEWzrf82+9aCE5Ub9xhw=
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx/hfq/nAWfET2hcgrqAdrV7k6Ejq2ukCW6IsuSB51+1aVQXFassfaxhMhiQHma3UEYwsxJ1ALYYnJWP5TnVDB180nVDxNpNM5STrrG1iYiAiSx6N2IyHbjtRZtMo=
2021-09-21 11:01:45,343 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:45,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:45,343 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:45,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_540503191ff5b72d796a5e48dfffd4e8"
2021-09-21 11:01:45,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _540503191ff5b72d796a5e48dfffd4e8 and Element was [saml2:Assertion: null]
2021-09-21 11:01:45,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_540503191ff5b72d796a5e48dfffd4e8"
2021-09-21 11:01:45,344 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _540503191ff5b72d796a5e48dfffd4e8 and Element was [saml2:Assertion: null]
2021-09-21 11:01:45,346 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c4ffd3ad26ca866abec59368f9fc92d3"
    InResponseTo="ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
    IssueInstant="2021-09-21T11:01:45.337Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_540503191ff5b72d796a5e48dfffd4e8"
        IssueInstant="2021-09-21T11:01:45.337Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_540503191ff5b72d796a5e48dfffd4e8">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>vrsefDk7y65MA+njaxxaR1Ouh67eygrGt2uosCAvLR4=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>jCJneTnD+4jKiPvM5L2eBj+ysfOhHl0A5n5ds4aZeTJxq0//ExBqaWJqIaFGp6PBqkgh327dcou05CnoOgrtwdjy+stuzaHkKz4StSeWrAFzeDx9tJAVYjuI4fdf3saFam4Dqeeq23oIflahRK2gVk8fQ2ZpzU/WH3qEnjgL4HgrslF3q1RTu7/DceoGBBJxhpjK6gRJd+zbZ4uIDWOyoGBIun3KHdVhRMOVFcko1IBDAug/KzzamKUta0kqCyzpLkIk4ogghHNo/q/F5uNjHP4DEvjz9+aAWQ12MM3jq28HHOWzh5cmNr+yV1pi+DWvQ6KsCgFZ1KoDf6vTCYacjw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx/hfq/nAWfET2hcgrqAdrV7k6Ejq2ukCW6IsuSB51+1aVQXFassfaxhMhiQHma3UEYwsxJ1ALYYnJWP5TnVDB180nVDxNpNM5STrrG1iYiAiSx6N2IyHbjtRZtMo=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
                    NotOnOrAfter="2021-09-21T11:06:45.341Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:45.337Z" NotOnOrAfter="2021-09-21T11:06:45.337Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_d5b864ec65209d5182d8b778229b67b0">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:45,348 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,348 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4ffd3ad26ca866abec59368f9fc92d3"
2021-09-21 11:01:45,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4ffd3ad26ca866abec59368f9fc92d3 and Element was [saml2p:Response: null]
2021-09-21 11:01:45,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c4ffd3ad26ca866abec59368f9fc92d3"
2021-09-21 11:01:45,348 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c4ffd3ad26ca866abec59368f9fc92d3 and Element was [saml2p:Response: null]
2021-09-21 11:01:45,350 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:45,350 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:45,350 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:45,351 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_c4ffd3ad26ca866abec59368f9fc92d3"
    InResponseTo="ARQdf93925-3741-474a-8d9b-82e9d5fc61d6"
    IssueInstant="2021-09-21T11:01:45.337Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c4ffd3ad26ca866abec59368f9fc92d3">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>lkkSY02O5ulZEk16zfiuMn5t7jaiFfN5nQJzjgpng28=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>A4PU16x8shgXScH8Hm03sI6Gq/Gk7fJrT7IiMAOoRdR1pjSIXrzT+5VMge3cxR3DcOAmL0En5wKbhXKBfVewTv4f3FVHTnkkOT7TjZjIRgYvMzV0U8Pjt0q4qkqwSG0Yzj8ZQpKe7UKn3VbvWIzaVjX8t621Y2HZEkvwesjzy+SMueyiWEQn6dFNiZaHsBB0SN5S8XAOiiEgWcd/Q5qWDAd5teSiXY2nPtiVpr5gna6ryobwTcQA6ajDIcbBB4ZOa/mEaOOhu44A2XIW2FkcBhrJ9WIjS+mx+5fAPzsigVzIVjVAbFXSw7Uc5wCgOicDAw1KIHkrXQ6sLdrRnVwHKQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_38699343d233e8cddad67157cca3cb58"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_3f228dd1a231e23e0c327c3a32ff2209"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>XmrXqZse+IGaLWqJSn4fEy8uiu/5CABJ3f6VjHEanQd6ju/1jAOrbvWb8/pPVW5RPJcYOMZMCgYQjeO/6T05ngDXOc8OKjVierxBF2ZiVXbbR4PVnQOyxAv2ImW+igWgMX85RI4vjVx3dqarwanpSV3apG19xhqD2P/ZADB4kZzZevljRE1L6RsPL2IoGSHUq34/HFl9w1o2lyUCiQcADw3EYJsEKknbWk2BJ4lzkSMshvWPz/rJKdEn7bLa7ZPnjCAd9ColxbAIp/xllHTX5Nk5YUB280Iqc37TtbOLWlYhiHxl9LmrIdpHfQ+paQK/cUO9CICoUE5FTeoBydFT/A==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>lEjtbIsAu2KKwHye/NhCtSDFyrwOJ051uaav1XZqdhAoghK/nRfGfYGfIfxK5Kj588gDb/AfJB+6TEujoI9EhNCkJKjfrVq6MeMCjUAi3YaYo+daxxH2s1zQK9nHWdZbNNy2wEyQJ/oIJJrwos4NJ7iSUCgfLicbiYusuOcPb/pewdyGXdhqRK3p2Jw6Lxnx+RuI+2jshrDlVmLkpdl6WNMBmwhBah0XYmjmdg/O6e5wkVNSEOCc4/V7grBllF3hQb4JpVkwxMsaZYH1PJuEaMsjhOBtmK7FghKtn+6ouE0uIU27NqiGd6rshJHVw0WRQvUsk+bEaG6z4K9luRN65y0CIHtdORzHkMxTrd8AYP/8n410GkBDQKAydbQN4UdNnt+C3ij2rq85/NSWvj6mI+OBFJ53ci+Oy6WUCgJr2c0MHwf22/lLrDYP9HI1Ftv2Xoc2FEdVBv0OC66OE8qVSM5IiJbno0iktbyBmxhZSLTZv0j1AqodvJoLhlJH2EHZ6yHyUvic+c7QxtY/FIPCaeGdc1OEVkallLx6LWYOYZ8/kosJ0KrpcJwMp3/eD3YwOz0COyMHuQbHYYTlmCUKkb62yZeYa1wwtDXo9gBCbRPdBlMfjpBkSAx0ubh/ljYQPKYyf32bq7Eoa7SG4HBpV1oIjgej8mt4RpKhmr+l0v0yb7y0JYkfrDvxGI5LQwKSSfhRvZBsXiXzwjsEgy03kO0Spg9n5LYpLnj7RKO5aef4Xt6jnKUWkHZBTm449SqcnQ0te0pKBZQ3exA8xJEd3FDWLr7myymT5tZJLhxD8xaVBwcWNwxMZmU9rY3KRnnFVkyn/5y0LoxGuwIUo+H0v3fLEQnaEt7bDUdGJXBjxTPJgxZSv3SgrMl91a+2Xro7bds3Bp/R8QLWyd6IrJdyOL88DLXc5fSLL7EMDdvzea57sX51S1FEr1M6bsgVYZohOeXHdzQHb/OXg9/qfDbqCEqNqRvQb/enUyK55iPibMeDtv4Pvz1yvbnypz2xSYZE7tVHKBHAkkzhnFA9T8r8Dsrb2ACWfyHYVKqR6KT7FfnSNgPwSlnJsqykgGSVdmFhRUY607Q/3cAozlJmLCSzfOxEzHd/yZjaKTO6cuh/sSUeeky5XtL2jY6PPhUhdnAZDm4iJDcgkkLzYcJ4LdEdMvW43MGNLkQ2VFwUuRqtzTgFesafqamIe4rb76DnmsPn3pR6uLyHZadYFGMeeXXbJM8vQODwLp8NS5Qw0CGzmrkS7lNWH4kn0/m/sNY9qWa1XHqNYv4+lB6biFS8upeA6N4wVuitzCZRNKuuUrUIVhEMmxdGT4ExPN5iHlVP+7f/yI746irPnOItvycfzHblRu6BS7HLoCeRd1Utng8GO/fqnhBTzCCHj7pymiHYVPJJbgoc6yVv3cZw65OiB87PEUdDd6s/JpXboV8ILa7DoswIckJ3pqVxQ3z+3gN77Ob0JnGY+BEObRpbxjWej2tJw2iWZWFKWYfi68kZxl3Sd7crp5oHfmuDrdVZR47byi86JtDDmox/+e/JP6LZ+f87pW+nqAZPggrPI62NQQEEq16/cwUL7GcQc2ela4xKERjFDyoZRdEZTznjps++dSkc2ofXjalYZlKtf8LvSqFrUDHXj0NKimNDRmS47JZ+eyG3xs1hl32hMn4SK0/BFhIu1IZ7nogmvvP/d/8Cc0IrHtAB1WOCyk3K6dOqI3CbeNHhHWLwoSnw3GC4jDLtPrau5XHXHXyJSTtJmFt/b+hzmYjyFY6sayCEkwPU18y99v/vTY1XBdkYwgdr8CIwARiEfilr5IUiTBkJiiiSPgwli/HbQhfc7tdY5riU7BRu+CyPJgrxYeQar2ajWTdCOB5sK7ieNHj7dYLqJu4jyqQyDfvFJVmaLXMASm8+5K4pmziB/joFgh5DU3cLxl6lo2LFa2ksGJ/nGJZnOSccB2gZS+q+WbVWth0fu3qtLzAxFBzhYbb2i8I9jFULVCiIEiXCFrEVlTPL+vMMgpfgPJRXmrRWxzgRxI1NygUsSR552lVDYBkE87KTlENxtaaaa5WhFGmO3NpapsOIJjPCuJzCd5IjrjSz4mwsRzbMsZVivYiC/bGN5Swa4nwEaSCOMR5U3Ir1U5YQRJT5ZO5A7sdL/qCTLgo+mrjvDDNdusmTHxeHaGcai2qGX35FSqCfCMsK+8xY42287a2MboDdFDcEPDFcPLTwX3Md6hHqvIeAhpER4ga+66y3XOvZ1K+7MNb7/gBzgcFYLCOw1KAeHTZbRlr3DyH1r25x1j+7D5ICgY+SlkZKXah+vbfnn0TKi7MsS0jOxA6kKCnjCazf6DK7pTPebim3p6XwzNXxd7hZw5wZOyR4YCH9Rv3QreJHYpE44Ut+ytNwm6GKAnP7I2MQBirTOCBlXqVqLn3+7Qm9oST7f+x+hL1lx3wceuy/P/faEFAF4RUSYJPkPowXj4vG8tPEdH6M3BmYQS3HTUsZ1ev2E62J7PlZE2By8eT3jSSz9EeoJ4n3QIrS6ALR1ml4m2HJjo0UjtRbuXlBT33t9+cthGw2E862NHagvvucOwAhEOv/8GtoHUPw2n9YAEdyH9Hub/pFEAn8/2uxRhr8fIF34rjk9WCE5R8IZ5ZLoaVuex2akO7K5Ja1dLJ9/C3xh4SAYkfTsLicY26Q2EiJS8vRVDdAYiSuHMwPbc8bXMsutgMh9idIgAJITjxVz9OPVRORIRNIz57IcsRCup2E2TsvmPNErdd0YOOo8cjMW1P6k7mxEQGpUfY+PWED6SBqZ287j+1Txy53Pe/B8EpjctU3ZzQNCgDxfQjULFlRxmsQIu3FTR/q+dTyCah1nt/7UWSHJAHIlezE5ctKEkFzf6jQol90Uulc2dtc6iQQPOwoO7IYEExyfjW3CcEcnsO8bu/rGjCcB3sVA1C5LRx3fmD6x9MfjMfgdQqAGhT0RcEB1nVFAwgjwtWj17ixiVH6m5g/BFbjpxG8e0dDxFVgDcQuej+3MaC95ZKyxZ0CVT5+OJ7BXttlF1yplkD8WnyICxn0gojLrlTmN7/e9Z1pgH/p+Q2GEk+oWzjLR1gLcXjtcg/28p5L98DzqaRfr/PBmvflk+1UQ+2PBNn/rppf3ip7sq40ig6wWmTO14cmudHJkcfOr/tU2rYw/Z5HO/AfRGHSkdOjCf1f66X0rEo77IrxdS663XLQyoXMzOdAKna0U7PHg0hzQ9Ic8+KKLImISo8+yBItMda5jrVDGNVF4iBvWDMwc/W2DW8YDK4JOHMVFJzqjgo5cgNGYn4aVSiWiQCs/1IzKJ0HPFnqzIlPg/Ai/nn+IWgEv88Ey7AELZEONY1lvL0YZm2ZwMOhLo1WTZtQbFdGkHHnl+TZBrYq0xNNItUQP+dzJv5R2yEd5tQMoXhOUgDl7KmkfqFf03OgqHcMYbss3OXZYzgYU8ddzCGD0zB4KZ0VhKO/7zCC0hfEoT/bKlh+5jmxnKV0597ahPfLLSoQIlPQkiVCgupid9L86KB9j8Iw4zlSJ3/B4se6IKCilxhYTkQqlLrTbmiPFy4Dw71HD06PAHTSHKcQKTUDC0u8KtBFLleDb7XeOBP4iiZRhuszZtsyoyVJgo4w2BBFkw/sLO3ZeOT5LXG89q6ogqHwTv8Ine85wZvaXi5BdL8nfxdVee/+nwnWT4JbX5F0xw15FhjuqDWf6Z7j4Z1I1reqLAvIbFLTHx5V8adHdJV4GuQ+SON4PZI86wk9fSoInQCo/A2RxpORiwEuJN10HK8mn535t44cY6RLMoJms8XvFVtOvfiw2dKoCQr4TcQET+IrPdRT2TKFpjP5IuWAW38uJBckq+jLKegnPb5lcpI/32px6yWETFWSAGnUdhiyjyxyQBrCr70LyIsVIREMJxSsujY34wg+lOqgDjbR0bVof1mZ78ARY/rGrM3j9bQb6yQguEfBDayUw0HoOtLfDBYz2KHxWYcl+cri5g2OAy/arYZCT9YYTfJ7u5wraRiPm7HXojDhuHs44iDijVf8rb44NFi4DsM4dsToplK1yvExCbiuB429kVbcvnHosZOyqeOh7sjMwLoP6uSZb/t2gRIVpc/lBsYKa0abIdoKn+4sRv9ARKd/WP/AUNXWiHIGup+QGbmF8kw3NfClH4XL0eu1RaLEQdjndNwaSOmufPyIBD1FpjSIhQJwe/FIFOJiHT7bLNVvkItytULmvOoTmGdKUogtw6hzv5mn2r20PJxFvCFoOALINXFQWITIe3F2A2LKCfCJaedOBN/5B2GfDRwZDNgNN7Ew/f7FPysXa9ELsxoPCfXJ+Hp5qs8sTmitOxLjTZoW5ZAQquvTDdvpkp50ZdLS22qVSzGgHJlBVYziCsIg63GOR4pC4gvwjaq3NtJYJjbNyK0a+20oaDu/aAKUDCm35Rc4Px5afPpwkXqRuTrKa1nNXhmFtMBsL9SqUykZ7BeV53X+dUP/+TpoNmGJ5ntpMK6S64GfiIAESLy2YWWqlp/DjBLur0dm2Fs3iTYsC7W+vPv0Ro/uhSyzmGsEWb92HoV+e+UfXXlDufbMVcHwSXh1v5S9NAEaBiQqxgIKpkQfVsjlSzTvM35ks4ryyqEqaKzcGfxyQmOw6+ZJPw0+QFrz6GzkgD72qxw0D95aB5AXk9DiRgM1D0ZrnnYN4awOf3liDxApSkoeViV7EPq+pV7BFPhHrnX4DmvKaYoYTEPDwIHWdVE83eUqBMIhwIAz+kMkIaQfkfuXg1xjBFWOOqoqnaIozzkI2SERKJATme+KRByS+wArzKSje/vzGCiROY4lqkElRwgKpu0i4FZqmDPvaiR4ExNC37YPCEu4rrEGW0o7039ybzR5HO/u8iNF2sokOtzTMb4LJ1TH8M3qpLYvELthKeYiBWP4FiVx5favKTMoCM3qiuDl+SUoW/sxAUi4plGwUfb3G9cu0Eh/e6jrvynSFWyh76YelvbaXPo6nSF4oqpPHbJZi7/y6eiUV7cck49tjlTE+mOY0Crb4Oih3VqD2zCvloIYajc6Z5GUAWS7iACkBKGoT2cm1rUJiCC6TXJ7pq9gfeULUsvRx+rzU+gqvQHS58VMDM7bibqN4eZFrmL9H14wunxe7FIKB3OfjYRi0pLwnorxoog0GxHUNxbearghStkegJQRUZ0GN/OoXLlzH48yu12Gx1pG4q9F0eTjkJ6O5edl0AA/+Fe7b8aCUPnQ73FWpwILkkIsKaDlwul8l5QNJIVLP2gBAtna8b44Ro9mgnCWHnBWVpxYf2S3YgW4H3BCS8Tn1d0YRqSbkMCduPW/yZFoOCBG9rWDNuj3fssAlpE9ncox6oTvGssESYk250HDi2Abh5iSeN/A6HJsaqcOHMwJg3hJ9xfhRscR7EeG97QQkuFtsP8RWI4sJWh7yGdbvDyalA1WwjYfG4ChIe/I96SKGbSAjtCXS7T0Vy3dKJL484R9TrRrVb7iW/rD6cqVkJWytOdZ9T55moBXs93R5VP0a39jhsodI7KiQebfUrWyDnwM1leNvAP1Rq2kx1dPO8G01H9U//zcTwGT48dDHlS5LdtbdXWnnGmP8Pt+W2b7R4BF9ALJcIilQTLL1XzaDvqzGO7lv7ocmx1Ms3s3yX1aC8TDJjlvyxSXZxHnVz+93syNnhRXDQYtzd6hRs1CgaHt1OGoZbZfT/adZ1xecKnyayYrL6Yf5Twto9WRn/3tY6RU4gC2wx2zBTG+s0Ms9h3I2qDejGRAglVnzTtnmABjIuifQTZFbdJFSe7gV7wri8mKOEF+jzK1TxOpBazklHwYCDn3dEybToVL/h3W0D+VILx42Clh0Qz/cJfYyDMrnxpb5AKJfqgoDGd8fzeatylrE34iZrvR+7m4V0tBv1LVUUe+D4z3j9kA5XXs5h4yrenscMOOhVpfjUwXZHEFIPk3b9XDQ3nLd3Dx8RRaBKliRfY+6HMvhRk4ogJoXYZfvKal421kER3flLU4pqhVHwQcXXGO+h/VXqY9m4EhWra8shGqRrXcj4VCAB3CSM5uyYyh3KOiBPhQ4lws39/VtPqyRqhwaZelJ8j4Ox7qKWAXNNxztkspyP8pgbw0yVALSHXxxWBUqGk9cqTC00pxw7MhlhNEq5t6D8HSY6lGWPhecuyYcCHKi4M8sOGAMJIGiOXp1HkaeN6udoQ5yZFmOqFBsAoD0hR1R+mejIpvCLtPfod+LwwWRvWJkerzcWDwFVwBla1ywA3SQJdW2SNCpkUwPoJSAAKElUeJya20ugNzHmpP3GjhHcp0qL7TSA1YjxqVe0EqRQS+6SgqD6WXmCLsx55ro7vgjoUcNi5EarVBZozMh5XxLySTSSTtDwzRClGIOx/O+SuMsF89WvEv1syT7CKyAstIOn7TRjlqnwKDMy0aojVdYyatgOTbDRImcA0Zhi3EOjwYU2SHDEGMqykwJjMpAd0JE1xlof8lsg5Q+ALVBg0uY3D6GL9h9/TZtaxHVzV9xh4uOdAUYI/61VT0xoY8NTiRu3DQa9SvBICPa9mH4ebmtgYfNziizXw+6aze7fwGW3NZNL4m4I6ckb/A2ld3OEv+dDMLE4ULp7ClMNeyGY1vr+WUZRLpbeJragZLyRcpzLqq38rhPYiJ8zdvMAJAq+xGWEa7x2yZXH9rL0g0Rp/Txpru8evKjgn7f9ybkOTR+QBMqNmSAkgdboTMUTMiWXPoR2BjDAz0fwA4YMfkqAgf9HoKVupvUKtaSDkx/uQopbpi/vvrry5o2OL2WfzWOjJYIuOdJm+zLOq8cYSfpMMYIwIGk97U+t1it3Edka1xBcf13QiWWoiXalCdHx2+pX+d0mYVLpSFdDB5vXPuMAiMcxJb0CrUhXdzeQzvTYXIaIs+ts2V2Rm2C/VbINeP96gIDu/ICy0HuPzuTsLam+PuubfvojHbuEpf/Tf9mEs6PJUc1cu9bT2kRsZkY4LqopcW4bpW251mkhn4HxKqwBynutLwYBrgunGJh3mbH6/VrTsmmTU4algU41XiRHVXgkp/j/sdsn617ijSMlI97msXbPuknR/rZDMhbpPBvHHh1R+hSuWj+CsI/0ECQV8WHn1PTXK90+aQqHUs4xO1tKdRdeZxXyMYUx7tK6cCa/VDdoxnNd5aFj2d4WgTbiTc3qM775Etz2eK9oR+gBGV7FjMIvc/FLKlX+N3GzULfLzQxfTDPaX6UPC4B9NAxFYmdUTuaQcGMo34GCNjXOuHnpmcYqQACNBFgA4r/P1vGbmDE/uBiZX/cnLr5bAs++wiYSkVu03Y3XquAJVHOdJa05Qw+1Gu4T6ZRDIng0ZmeoKCL7vWjf+rB3SA0CLG9PX1snCt6TCCYwPa45A8Mc9K5D2hVxBZTwp1fUTl32wse8ucGAGsBzTprqblG+fNwtQwLOEkkFyXtzfusCAMaVizYZlpYx9kUoV4kWCcGSVcqxxFx3FSiBSpfrBL7E8MPDfmxpVYxx4IDTnlJljPES9QNjiRCNEAip68W+/0EirQlK/G0nQSxItaE3Uz8VvRb0Ijz595Ibw24c8ivk1MkNVMZqqcdC9EYn6toVZviYvqJ4ApP71m3YwkdC7gec7saG9gqSljc5pwYzNqzrskQsShrlemBxNzTe/c5EuXTVm6pGMR8WahuNzm3EnON6EYcwwvZ86g44uLvT+wZ1IoRJle7HeTsAKzqdFEkARKb1x4VlDqAIv0Hwkc7OLcXtTIQ0yN13e1Zveq3ymPfGfgZT8ybsheUDyaoanU8CVNbRJuYteq7NygX6sjwSSN4ZDGya32M+18HAe6nf7ClmXD2tVkbGON1s/nJiioIj1x5gPydB1kybr9Dyeltjyk6TPeskPJPO/3JrNu1TRKd1RgVJN09b33hF73L6CGFbs4md/eUae93IoKc6bDfx4ZXtUAOawr14+RYCxKX54OhZ19OLxpDxYrASnH1Kld/SPB5ljWU77uv3frmkUa1zrbXYdjHZsJCVI/0DW8ND8QT4QYMZ6O0fyI+18PNFGe4pq1ll38ooV8DfJHlWdnhWnBSLdl/viUw5vVWYsXwSZ4mc0d5X0xcWLWWD5A8BthXwkcToG2Y35u/oBB2DNJrirwAMbcdSBj+sFODAmtyRl9EwdkAxzavuZvu4tjo8P8TPPRJZrnMxiVHFxFsVia6AyseLScaXc/9tShT2EekFtPW6R9fkr8AOxAfNQ/BfK7huasd7Gy9IghLPkjqRJ+xclFIsj3uRKcJ2z2uOjrgyOT0O/bxl6Vf8Kaptf8MUgIjUitD4gN01wZI8OG8p5YtLU=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:45,351 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:45,352 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110145Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQdf93925-3741-474a-8d9b-82e9d5fc61d6|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c4ffd3ad26ca866abec59368f9fc92d3|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx/hfq/nAWfET2hcgrqAdrV7k6Ejq2ukCW6IsuSB51+1aVQXFassfaxhMhiQHma3UEYwsxJ1ALYYnJWP5TnVDB180nVDxNpNM5STrrG1iYiAiSx6N2IyHbjtRZtMo=|_540503191ff5b72d796a5e48dfffd4e8|
2021-09-21 11:01:45,415 - DEBUG [net.shibboleth.idp.authn.AbstractExtractionAction:?] - Profile Action ExtractUsernamePasswordFromFormRequest: Trimming whitespace of input string 'rick'
2021-09-21 11:01:45,415 - DEBUG [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Attempting to authenticate user rick
2021-09-21 11:01:45,415 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolve user=[org.ldaptive.auth.User@957019304::identifier=rick, context=org.apache.velocity.VelocityContext@bbc5dfa]
2021-09-21 11:01:45,416 - DEBUG [net.shibboleth.idp.authn.PooledTemplateSearchDnResolver:?] - resolved dn=uid=rick,ou=People,dc=samltest,dc=id for user=[org.ldaptive.auth.User@957019304::identifier=rick, context=org.apache.velocity.VelocityContext@bbc5dfa]
2021-09-21 11:01:45,418 - INFO [net.shibboleth.idp.authn.impl.ValidateUsernamePasswordAgainstLDAP:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Login by 'rick' succeeded
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.authn.AbstractValidationAction:?] - Profile Action ValidateUsernamePasswordAgainstLDAP: Adding custom Principal(s) defined on underlying flow descriptor
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.authn.impl.PopulateSubjectCanonicalizationContext:?] - Profile Action PopulateSubjectCanonicalizationContext: Installing 2 canonicalization flows into SubjectCanonicalizationContext
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.authn.AbstractSubjectCanonicalizationAction:?] - Profile Action SimpleSubjectCanonicalization: trimming whitespace of input string 'rick'
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name was established as 'rick'
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Creating new session for principal rick
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Created new session 97d11a7ef602226aad096ca5c6587385ca6dd39d07f215d23b5d1d8706601af3 for principal rick
2021-09-21 11:01:45,418 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving AuthenticationResult for flow authn/Password in session 97d11a7ef602226aad096ca5c6587385ca6dd39d07f215d23b5d1d8706601af3
2021-09-21 11:01:45,419 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:45,419 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:45,420 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@330dfc8c'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@47f41dca' with context 'intercept/attribute-release' and key 'rick:https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663238411897' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@330dfc8c'
2021-09-21 11:01:45,421 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,421 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:45,422 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:45,423 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:45,423 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _deec9704f3817d6b76034b9049291c02
2021-09-21 11:01:45,423 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _deec9704f3817d6b76034b9049291c02 to Response _fa52895c2edec1373f9e8e0098e05b9e
2021-09-21 11:01:45,423 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _deec9704f3817d6b76034b9049291c02
2021-09-21 11:01:45,423 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:45,424 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - Applying policy to NameIDPolicy with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Request specified NameID format: urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx0w+1LiFQEaetW5tWBiBTa/z/qYiIDZb270hKGAzG9BjG1eFztznekJ0HoBFy/MtbFQxdsQ3Ngbha4cFXnCcfSB0p+fgu0tgzi1xztH+SOrVcNjsdAyDaSsAg19Y4cbmE7aIlE9NjjDUY/JAlPvYt3tYOC56hjbiKWPvCkQHzHsy/lGp65mWbXCEMF7MNKYt0 with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,424 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 91.32.198.19
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to _e0b6a8f223f4277ed046064bdc306ecbef65e0b612
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _deec9704f3817d6b76034b9049291c02
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _deec9704f3817d6b76034b9049291c02 did not already contain Conditions, one was added
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:45.421Z, to Assertion _deec9704f3817d6b76034b9049291c02
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _deec9704f3817d6b76034b9049291c02 already contained Conditions, nothing was done
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _deec9704f3817d6b76034b9049291c02 already contained Conditions, nothing was done
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp as an Audience of the AudienceRestriction
2021-09-21 11:01:45,425 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _deec9704f3817d6b76034b9049291c02
2021-09-21 11:01:45,426 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp to existing session 97d11a7ef602226aad096ca5c6587385ca6dd39d07f215d23b5d1d8706601af3
2021-09-21 11:01:45,426 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp in session 97d11a7ef602226aad096ca5c6587385ca6dd39d07f215d23b5d1d8706601af3
2021-09-21 11:01:45,426 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:45,426 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp and key AAdzZWNyZXQx0w+1LiFQEaetW5tWBiBTa/z/qYiIDZb270hKGAzG9BjG1eFztznekJ0HoBFy/MtbFQxdsQ3Ngbha4cFXnCcfSB0p+fgu0tgzi1xztH+SOrVcNjsdAyDaSsAg19Y4cbmE7aIlE9NjjDUY/JAlPvYt3tYOC56hjbiKWPvCkQHzHsy/lGp65mWbXCEMF7MNKYt0
2021-09-21 11:01:45,426 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:45,427 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:45,427 - DEBUG [org.opensaml.saml.common.profile.impl.SignAssertions:?] - Profile Action SignAssertions: Will not sign assertions because no security parameters context is available
2021-09-21 11:01:45,427 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_fa52895c2edec1373f9e8e0098e05b9e"
    InResponseTo="_e0b6a8f223f4277ed046064bdc306ecbef65e0b612"
    IssueInstant="2021-09-21T11:01:45.421Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_deec9704f3817d6b76034b9049291c02"
        IssueInstant="2021-09-21T11:01:45.421Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx0w+1LiFQEaetW5tWBiBTa/z/qYiIDZb270hKGAzG9BjG1eFztznekJ0HoBFy/MtbFQxdsQ3Ngbha4cFXnCcfSB0p+fgu0tgzi1xztH+SOrVcNjsdAyDaSsAg19Y4cbmE7aIlE9NjjDUY/JAlPvYt3tYOC56hjbiKWPvCkQHzHsy/lGp65mWbXCEMF7MNKYt0</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="91.32.198.19"
                    InResponseTo="_e0b6a8f223f4277ed046064bdc306ecbef65e0b612"
                    NotOnOrAfter="2021-09-21T11:06:45.425Z" Recipient="https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:45.421Z" NotOnOrAfter="2021-09-21T11:06:45.421Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:45.418Z" SessionIndex="_9c35fa1d075ac039c74dceee56a5ff02">
            <saml2:SubjectLocality Address="91.32.198.19"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:45,429 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-09-21 11:01:45,429 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp
2021-09-21 11:01:45,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fa52895c2edec1373f9e8e0098e05b9e"
2021-09-21 11:01:45,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fa52895c2edec1373f9e8e0098e05b9e and Element was [saml2p:Response: null]
2021-09-21 11:01:45,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_fa52895c2edec1373f9e8e0098e05b9e"
2021-09-21 11:01:45,429 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _fa52895c2edec1373f9e8e0098e05b9e and Element was [saml2p:Response: null]
2021-09-21 11:01:45,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:45,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp' with encoded value 'https&#x3a;&#x2f;&#x2f;schabarum-ba.local.cs.hs-rm.de&#x2f;simplesaml&#x2f;module.php&#x2f;saml&#x2f;sp&#x2f;saml2-acs.php&#x2f;default-sp'
2021-09-21 11:01:45,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:45,431 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:?] - Relay state exceeds 80 bytes: https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/core/authenticate.php?as=default-sp
2021-09-21 11:01:45,431 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Setting RelayState parameter to: 'https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/core/authenticate.php?as=default-sp', encoded as 'https&#x3a;&#x2f;&#x2f;schabarum-ba.local.cs.hs-rm.de&#x2f;simplesaml&#x2f;module.php&#x2f;core&#x2f;authenticate.php&#x3f;as&#x3d;default-sp'
2021-09-21 11:01:45,432 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/saml2-acs.php/default-sp"
    ID="_fa52895c2edec1373f9e8e0098e05b9e"
    InResponseTo="_e0b6a8f223f4277ed046064bdc306ecbef65e0b612"
    IssueInstant="2021-09-21T11:01:45.421Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_fa52895c2edec1373f9e8e0098e05b9e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>idXNveKd5hMMWYRbPsZyFlMBgbcfuIlE3JH1FwfVLYc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>ip2SRPMRlS4FqX7c73iQ9nDjhCKzqHHQ2Yu5bZiaXZ7jo7oACVIg22s9Nhk/e5NcCfES5CzXGJ1MwZmLAXd67cAz/uMiAVynVV3ydQ+X0p2TDzJIGYPx7oKJIj7IL0vGPqbE55xlRmjBsa55hPTPRLgfqTsJpkqvIif+w3rD9QdgS0wChILDQN6rUEj45eNczqQMufhmSYmigtcJ7148qaLHo12dIZMBBLY9RI/R1hg6CC6aLU68/OurICJA34tBsRrDSbzIFUzBxHsKm2Cex5XZlEV24N5CLoR9UrfDWuOWzjVExKhxcwjczaCfLx2aDO2AnMXW9UZdBgyz1NGK0Q==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_3da61870b9c87a8d38f19261094881e5"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_59b330b07ff6cc11dfffd5ad2ed62bc0"
                    Recipient="https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGbTCCBFWgAwIBAgIUPMaPEIKCbb4/r3L8EwYYuROUn4swDQYJKoZIhvcNAQELBQAwgcUxCzAJ
BgNVBAYTAkRFMQ8wDQYDVQQIDAZIZXNzZW4xEjAQBgNVBAcMCVdpZXNiYWRlbjEdMBsGA1UECgwU
SG9jaHNjaHVsZSBSaGVpbk1haW4xHTAbBgNVBAsMFE1heGltaWxpYW4gU2NoYWJhcnVtMR0wGwYD
VQQDDBRNYXhpbWlsaWFuIFNjaGFiYXJ1bTE0MDIGCSqGSIb3DQEJARYlbWF4aW1pbGlhbi5zY2hh
YmFydW1Ac3R1ZGVudC5ocy1ybS5kZTAeFw0yMTA5MDkxMjQ5MjhaFw0zMTA5MDcxMjQ5MjhaMIHF
MQswCQYDVQQGEwJERTEPMA0GA1UECAwGSGVzc2VuMRIwEAYDVQQHDAlXaWVzYmFkZW4xHTAbBgNV
BAoMFEhvY2hzY2h1bGUgUmhlaW5NYWluMR0wGwYDVQQLDBRNYXhpbWlsaWFuIFNjaGFiYXJ1bTEd
MBsGA1UEAwwUTWF4aW1pbGlhbiBTY2hhYmFydW0xNDAyBgkqhkiG9w0BCQEWJW1heGltaWxpYW4u
c2NoYWJhcnVtQHN0dWRlbnQuaHMtcm0uZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQDFD1j/8Sz2P6tOVxyPE4cbG3IhJM8xntIiVTokvKfgmlbbKPgosQZ2Ty9zH6v2lhqA0czyZa4J
0BYRREuwtq2Je49ACyaFX8RgcClbJb5Iw4j73ZnWP3cLagBhZ9+2SBE1oa5QbVSPrz2D0Ryf9Hwc
H8e/m5sC3joXs3Hum1fNGOBIkgNK79XBDi3f5ZYftsZlCVbDApya7UuPeX03XUJmutlFbq6NKevX
LGm5O0obCpcKeA68X3OycpPMVxMMm7P2rn7vXTAtKcRquLtU+qivRMIsShuzHC1tN8B0nn5jQ3PQ
LPl/n8+Xp0mqdSHBe5gHh4ZSjxoILfpKI4gfIhR7w51XyPjIsGsvocYkQLcLqAxKwIJpP7nkw86i
hvBuraoOeAg/V6nOnQHZpq9h7VOwGX8YmW39n8hDaF1yZSY/0eFU0vLHS+84cUS3U1Ufuucl0Rbe
a0ysx6+LE8GStG4iUGizyZOnjfS2sAPPhyO5BkszkQAJnwMFIotPPsKHBFY35b8fxN+e4vM0FXBj
VFqIesf5CfFovHVoaKYOc7EWghkwnsp+9CFlLaFcP+1F98TsBLaCCn7HDSbB/To0seXwqTtwuWrE
h3+IAgdUoxiDc79gDuWxUu8pMmtrDsJ/+zeb9pj6kaGmOxtX/eZxVKB7IQ6u4WnR+aDqse2cLeXe
DwIDAQABo1MwUTAdBgNVHQ4EFgQUK0G3ZUKqP5x9/L40jqPiaqfkGYwwHwYDVR0jBBgwFoAUK0G3
ZUKqP5x9/L40jqPiaqfkGYwwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAGtGA
dZxT+4qX2tiiz69LHcPcspfpUw33hX/iydHY/Mywixna1sgzJ1/9H8hMezqo4S/l1RQlpYBRJVAm
wxweoF1wuNHp/3nkwGJoWzn2WyS7oahOsiWPPsltyft+UkRTutmwP3deo6yUNk31g7juT3VJ21Ay
NeRgHhTWYB5zzUCd5+MNQAOeRxC+9o2Ko6+/I5rAYhCb7VAsAdYDu5hLAJANE5F9Z+6p4cEWmnkN
PFNAoD7swLg7HT92ntssY/Gqa+BbQKU+xePguGQ55+Km3bw/nBvpc9+MrX2ENpBOI+7lc0GmSo+/
MZMZeMqH8aziGjl42Dt9BwwaoVt4BuKihtr6NmGza3mYfZEpUgEwePmvCje/XXnfU9wfDApJEg6u
w39JcGmwI7hX/PvLwFlqupsD7A4mpahpy8eNM0q22gPItbT1SnpU0cS2Qcy/k+IQGuOaPaBqmhHu
na9u20PmNyGvYAsVqr6KGB6uw9qSw3DGL8b8Y2ZQsraiKi3770MAcyf4BLql2u2xCE66SWzI0Lir
eE493H7u8V+o2DrxKOUVvY+x8aE0PkOz6OigHUufWrWAdUhHDzW8zoSdcG6Bt/aY/bhsSFaO9a6m
XuD88aXRi4nwTC0O1xXWaN54DDK55T8f62Wa6zUJoHEm2yDrtOpBT7DJFBisJBicTCGStlA=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>vVrk+sDPGxPCRHXqV5hMcMWVtrKgTtwkgnYbkfuAeF1Dtz0Uh8exsjNjSUE5Un8fwFJVytpAjTm4ufSj3ZIa7YDFRqRx0T8tC+BN0N19I1eRRyXkR1YUDuBGo0hu4/icSzJGLWOdKxFVRSVzO9Kv1Afqss1oj55ti3esdL4zi6yDgp4liAmEq0UG0328oIfu6GCjWPfnTE2qSSORc7nKg3k791C9xl4NzxFPyqDo/FWVQrsSxoto8HRpY/3aMB0TT+Dhy0506TTQM4RqROT40VunXOoEgBUn6kpHlebGxCOy7Pt5iXB9qFoK+YeGhVIfe+lEvqEu9l2g1a0kOUvTguFXd2ZY0dB58W0pBIK5d373hpOVFL7NbZHgYpFC4RjjqEDqNDg1PbWaNAOADPNTxxNYjadweRertjjcE6TY7hITDjxMQe9xZ6ZRyiIc/iPMEXN53DKxIRnn0ztGfTy5qa08b7e9pKxCiM3xXEr/9MeIWFgtibDXSM+R3UAD++lOfRYX3cfmdUNKVJz49V02PdDZW3jvU2VXblRLcOvWzRcEjNmto6PuK/nnOotqfcpKWWjbQs8kPmmxT1/k7o4x8VJ+/IyeXWP8KTE7HOG5rhR39OrcSNdynrRlErOXj3/8RW1fOALx5qIfJMWN+a07a2IpEEeiYu3anR+FzzyF3as=</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>qkFFc0KmW0N0opKnpKFTn5UnTi5SbuZiKoZZnz25u4IBiErqBN2Y6AgDC8ndw6YJBKAJMHCCcC9y3XP10IgvHZz5ZF4kUVPrIuDUpbi7kiL47Ea7VRYsTCQmQS2XZdOP6QhXwzUJbYbWVXXDOa4etgNM4TDb5rAUUBOHdFSqUbaMfxlAJ1nOAT6HboZhQUDYN5ElKDsGSzi2FfaseoiBzRUdmYfo/TZGRWGjNPyEkrI/C9MnXw5yhoK2HTC5AkOVn8zmURuflCbGZLhyX3g2uwNwsZOrv36826WRPqNNTUH5XKY/4zcCQXKwr5mlXfZBFe0088RJscaYzpLU+AYfowl8ah1Zbv8TGwsOEee2OH2A6Qut0CkoAi9YcXXY1EXhSYrUtzEoq5zwp1aK/fwxuWG8GIxYkAKSbSrgQSuxQKZvgND29cziRTi9H0oCZCvP05785sfs0xZhZF5gEq+ip8ZHFJMfTFouSN8jTS0Irkj1PVDaUU5flDPC7BfXPtwZ7+Qc4nVvCjKNTxU3NMLZu0pVMLbZQAzewz4dmACn/OI/LYJs2jjbnl6Ia3rNCL6EQJ6TUud4x1YJ+0p+RCJpaloC8cntaeZIcCryfoDB5kfDrQg+DvMuBaJ+7sBvrhAozl0UgYgh40R8nxp2mSqUPgz9NcW41iRTkdfv6cVqCXGEMYEUHsFX+aCVPgjvvoJSmxPtZ6wikz5Azx6GERa7NfGtq0Q38DBT3ZbjYjKKSHXUyD5xCT82KTn43dWKegtx1iymnWFy1HAnEIDu4VQMQFChhTwHURtiJRRS1qJGvuiEzQbTM+bSe+m9zLYXKIlQO6X0JHoXG3BVbeNlyrrst3DkntP9tvVQoEQVL/2zOf+8p1HvU2IiMSdeCuz5Vnsoh56e1iCWILwoUfeGnfGK44ExbGllteN2JHGfUl7OdAfTsteu/hNdXIOkkzFGq3b5tqlaaYIgpnWTgviPHzV7CTm20/STJ/fctuQaMQnTTojzP4tRjRfhqP5CCALy5+q6G5e22BOJtDRtg6Yny61mbs+kTCp+dDADVWw5trHcytBmI068uFyyC1syOdpDgtESw1gXMQ6b7DGEay7X9x6ocqhD/UrZugi1RPx2vxacapyOsTPaMQ2wZWjiYRDFIwaDGzX2LFWSnWDvjy6dSuGZpA/X/e0ZfFioGwLasMAtPjst1VNKk3VLZZBbu+nUIDcsN8o+mQzzz2x8quLVLwEVdhOt+sARACn1jPtfhn2r2MrgbP+KKlpJl4bWKbLY8sI3Serzqeh+U+ipJzhTTpJioGXEMZ/BW9eMxhdYDAum+pRAbBAqw2Tdu4kPiq1/14720EPhC5D/oKvsQMP4chaFtj/cVHCCsElPmocsx9lj27edanPzNy8drbjHbjkob0KNEQy5F74gq3AquPRQDLLLdYq5QTgWOArAiHwNgZHwFBe5gQNgXVHmAGsSJXERUJ3BSBCajZH0YzWmgArABwH0KWJE31yUV6ISJHrbCH6LIKuNFECXORNHRYHPBJt+pg88A6uds1oEtexvQl+mXFwKBpwxZEvQZi8uKMZ4dZrzGGwhCS4lawEN+hoxC5jPwyjblwjAf5ft1xCHbfG4DWXhT/92nYlziZfd3Kjc2Soe/sXI0iPRHVJuhLvMh+ZMcehwEJBqqKmPfG6n/hnSzWn7mayJz477qcNZqNBsvSUw8pqdxrxTXcMkXwHuGaBPbZUvZOrfUOw7xbKI7Sccgb6dJN351MOGYxuxZMwTScyOWdIC/mHU4vDTq6+OR4KLk5sFeGqEEz8bEo1c0ccUPU3LevnxY6YI3ttSHYNnfBe6CCZCRfIVuYA3gEWO/yV824B0c2K2tUYlbnp2Bw01vgPxORtmwud1cMpLHvjOPA3MMWuWhWwlyLUr/sMtdaQnqttTnt1qS+RFiXfuZ9zG6426BLbzdzge74o2dj6SSEGBqtpBD3OzIl10VOc7gnena+9LwGstejgPT0ZIHmatGKyLjcrhie70CEdwnlP2j9hfiyUufhmlbnGOUWDSdgEejipr1VHauYkl2UnH7Dxd8fpjDx4DM55B7otlSsJ8dQgvw4oe4HS9132s2qjTPeb4ebfBRRpP/ZZla4hbrvKrwW2ywHHP/DwVdLqeeSx4JOich04lSNtiphexgNj6K+gHbLukAsX+S0pexMV52e7cpEQxAUtxnq1zgmgyneS952frUNpTdyxFVCIxCzKhJtsF2tqDZhfV149rFpXwxMrTTqt1w2A2vuYjhcs/oetR0BATLqvKc4p5PWvCtR/tiYZ5meS3+CyLCwXe04zlPsVI2sCfbYp458OFgwK25db+/rKdGgznud2s9ZdEPcV62SNmqkP2Oc9hq1vcb2YaXs7YbZOipk1XVGoDkHgXU1lc8Ll88T1+msYR0yiE9w1LVh2T6CB7uy/ptbVC00QsMklbM/fvqJQeGvfQ0fHvaWIqJyTG+ObbNw5Hv+P3+i6KHQ5fUji0Wk1ed4f0wPBFhEsOLCKuI9eeFFqjtvABrtnfiJWzYjiR6Lichjx5vQvHDG2Uy24V0NdFXbq79OEphBXwV6caRjfVoZc1sByQ9Kl6Qvs4qXspdLyH2UrcON2UGhr04R3VRBiGcqPGtl4jWHUlKYB2Hr/puGUR4Qcd1+vVrBtRICy1XwM+mZyL4Cv/PMvB07vUihRZ38WhTbe7tHxcgdyL9TuLGN1jfcLvXIb72No3KYRj851HzeqZC3XhjBvV+93562wymoDGDyNH5gVBbYdi+zIULeRyFKe0aL2RYAmv3LGlajNGS0+bEXPJK/Mvj34lLPmvSxUu1bftmNMhdmUfLTCUqhgIVnq8zyKjLvdevOaRlrbehfuGqkXLpQWiuXHOUyi/o5OE24DS4SRLPnzjS9oYRbyDXHlcvHSYTe0uGqF+mZHp/ilsYCOHegEe2YaTqyzLBZBp7hR3GsFc4j8sFxMpUV/RlKXYoBvp1/A16zKZ9AmR9BwqloOJlAz7izj63M8PlEWgvNupFsr01vzdFgHMmHhkVdMSJAjpUnBe0JbhDLY7I+V5t7fP5Si7lcNoqH2OiX1XAtAllPn0Ru29e6KbM+1oCg1HDBCPu62l6qGBEq97z34B4GMeX3cvuoPC+gVMN0mwWPsK7TF0jyeR8CtRlK0wNQjKXo/hlCfrZ8r0l4wjxp2o9bb4HhwvkWL/mdZN5nMjumjzsICXlKg5myzi+LyPpgjquI9lBOH8xKFo4uYRzfT999VOL+j0z0hSd04L/NHxMY6gfpDtsk14Spll4CqKTL+NQS6ZDIBrDTELNbUHPy5hyFiyNgEsWpYXFX1UlTi4+Qoh/BEPts11vljFPm6FUziwfbS7iBKh1i3f3rKkIQkU8RwV4zgIXJUGe7Pc63X0dgkT+Gj2uAxqXWxV5QS7MtN5VBgUKn7GzhiFSfCCtmQ6Eshgu9p06YUyr+i3GaxGMsszs5NE4+dLUK0GxTwJFmMKiMbapvX/QH0yswwmZn2nuqWI99zc57/IggXNUXjNPuXHj+RuWYHt/kQiN2jHk4u5CEWEhllVyIVp9alz61rf+SWIWpWwL4wrmv14w4xmnCYW0U/S2rxnCsWouy+WMyhIG0P17LxnENcBGs1YocL8rI3XCdoZtwe3OsQcrCWjqttWW9QIFkoxvanWA2uF1QWyRbzBuN5Pm5K+ixpfa7UrpathbyD+LE8S+P+RD1oTzGUBTTds/xUFWWGyGlxf1hjm8kzwVqbivWr8wzXX6GWAF2Vp1A5zBwVBTHZ4Hosp9mTzyeZflrP4ISe4gstHN4dPUwuX71N8pBOoVGw6U5dsPVe+5TS+cbgXVier99kNIwPXeSu5FCvBnkYeWIykv12+g7YLI8YEe2zm854yvCYQabtGYfXah7BYalCw7MIks0u4mngY8Dw3NTMTuvhsDJEV2+imIP+roLhwlpE32UHXqNsM0HFMbNMFFB5d/gCa9n4qfLen7pwNr7ew94tmlkO5hEA3ttdC4sonzuhnKNuQhVM0TEX0bdu9Xd3QTXhM66cDRhJcoaFf9V3x6vPhYNI8qUVujC5Ckb3jrr/eSz/c7aNYctrpPeGWtr4bscZpraXe5dk6MPpHCACtMzBcqnu0KmjfTO1DB2stjeomTw44Sjg8j4dYOeb3ScjOppZlpteMwl0pRQkMxbtg+6NTDFOfBts0XVBnUkZwIDCNu+dGbyOBzJUfL2+GSuS+OWzJqf8+wGCMn1b8UiV5akYtA/6+JPkC9AtpKvDhow1nxv0DfmORebe/f1RDT0Nbi9iDLFcAyFydSzMPAbQmdx0AmnTp1K74+P8vupteJ3024E3O5Ja6gal5xFSVMXQ4eSoX/KO35wn1stTpzp/7T6Y1O7Zl1+VBJK0agaJ1fMpWcQu8mnI6zViaOmZnU/qOmwbu0RGOi30scnm0cJn3wTAvbNhIgukIlg8MXtm0b6H5fznsrYFBEGxXbSpbJ0qOAkxIQ1nMD9S7Hp0SZy77c+n8zc089WV69Q0swKrlZyvTBXQ64USlLFzBFsrF15x7Sn1MHlCjRoN2wVie5UY48xowfFQpTT2n9itXFSdzFcCZUTfDmMV17ZimeKD1Mf3DYbXr5SzIvCV/FfPxbZKij1R2gYXYEjah6h3iyHKH+ItSu666s/a0X9A6GjvYnFszdk9veykAnTO+5CPuX+42txtOhB71QfzW7KIYyG3EnXzZhbXvq0ZoIVshUTPLIK9FtoqVPc0o68BImMhLxKbuAzTa7u/rIJoXXC529uNyR66pPd6i9D9xmfrL3PvVS/yNoUAgBw5FPjVKqF6nzcsZoGrjkK4nUdKWKebr0Rg6Od9i3Gr7HT6pUOpAhZt10jnLpxGWPUbq1ZfT3gmSX2R/feFKnGCsZhwWs2ZmIO7auKvsoMxtUuUsfUmB+BF9zZOQBLQzDyu76NV7/j1NCaYDg+kkJH0BC4V6fYZq89ia6wjQhRY5InOnBoJe9gcM/I/Ko9FEfHZt+8QhR+Ck3fXfsOcQUDLDQtalx7mvh0LLM5qwTcwkezlQD/Khzao81e7H8b1p887edBP5dAQwQm90YVuYhqPRjtloSzDZAWryUF6+XkfCGPukndZ8TohSdSkim3vP6PO1D2/khtPXHbNxszkZOj8qTVOKB6iGCc35hMXV7L/d3PJQwqgeZGIKrrqSHanBQlTL9x5KoF/5H1UVVmn6ACeMitcSvshnPiums9GnsHWkNWZUZSXJTfhRtBP/Dde2IzUnwU07ok0bYaTNe6UH6JDrKkXXkcXKSY2Qa+Daj48B37Ce1GdhK9qkSnQ3Dbkau6OfTUMvpjY7En/U3kfAzNdvhcHVXePW8ARcR1T5xHIxl+CPyyzy/3oAAIBYBfCy5WtJarGeD74XZphaGEAyytMolH0tTr8wi8IBDH3lpoobc1ELsa8rmnvY</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:45,432 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:45,433 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110145Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|_e0b6a8f223f4277ed046064bdc306ecbef65e0b612|https://schabarum-ba.local.cs.hs-rm.de/simplesaml/module.php/saml/sp/metadata.php/default-sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_fa52895c2edec1373f9e8e0098e05b9e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx0w+1LiFQEaetW5tWBiBTa/z/qYiIDZb270hKGAzG9BjG1eFztznekJ0HoBFy/MtbFQxdsQ3Ngbha4cFXnCcfSB0p+fgu0tgzi1xztH+SOrVcNjsdAyDaSsAg19Y4cbmE7aIlE9NjjDUY/JAlPvYt3tYOC56hjbiKWPvCkQHzHsy/lGp65mWbXCEMF7MNKYt0|_deec9704f3817d6b76034b9049291c02|
2021-09-21 11:01:45,702 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:45,702 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:45,702 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:45,703 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQba05600-113b-46df-bf54-7038e3e6f272"
    IsPassive="false" IssueInstant="2021-09-21T11:01:46.367Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQba05600-113b-46df-bf54-7038e3e6f272">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>8tmUKfCo7/YtpbnFWH/OF/WIC2c+AdPI1c1LErgw9rE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
B04ZqJP/09UPaneRH2txP/jfRSklSW2o0syto7i+Eh5C0lanOgW1XYv2qGfEuVLxI+enHWPePitQ&#xd;
ojGg/mERsduTrc9yBi6FhL5MyP75iPxBCQ3HLvXtKx7n0jArWmhVfH1KoXDNw7gP3LhYcP+Oo3mW&#xd;
JeuttKhDXX4IyFm6xdDPaff0iJUw2RSH1sQdJ9+NXE673C3XEXy1HDUohpJxRKSaJ8P4+5dBsQQ6&#xd;
xSiTZRtXWvNCyP2TqZM7cCYne+ufT6cvCNvQ4tbHdHg//5ktxN+0dyxU170t1J+u10jmZ79Ab6jY&#xd;
Jxv+Q7pqpnNQj79qePOKEKKH+k7Lvyeaafsd5g==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:45,703 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:45,703 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:45,704 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQba05600-113b-46df-bf54-7038e3e6f272', issue instant '2021-09-21T11:01:46.367Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:45,704 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQba05600-113b-46df-bf54-7038e3e6f272"
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQba05600-113b-46df-bf54-7038e3e6f272 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQba05600-113b-46df-bf54-7038e3e6f272"
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQba05600-113b-46df-bf54-7038e3e6f272 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQba05600-113b-46df-bf54-7038e3e6f272"
2021-09-21 11:01:45,705 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:45,705 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:45,706 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:45,706 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:45,706 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:45,707 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:45,707 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:45,707 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:45,707 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:45,707 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:45,707 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:45.708Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:45.708Z
2021-09-21 11:01:45,708 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:45,709 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:45,710 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1d6f65ab'
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:45,711 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@1d6f65ab'
2021-09-21 11:01:45,712 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:45,712 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:45,713 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:45,714 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:45,714 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _688e07c7f0cfe0996a6dbf5b56a0a088
2021-09-21 11:01:45,714 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _688e07c7f0cfe0996a6dbf5b56a0a088 to Response _2ed41b695d3476bfb4bf7c55029e7a11
2021-09-21 11:01:45,714 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _688e07c7f0cfe0996a6dbf5b56a0a088
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:45,715 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,715 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxrdDaHxcoP+AP8ihx5G4YMugAg6wRi25eCFwsBEzesWSR2rFab1tBeTIjjLDjWh4DWy6MfDAHvAOwpsAUOTJaL1yc2jE9cvvRujga2OT9apbpvwskT9TZFDshxXc= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQba05600-113b-46df-bf54-7038e3e6f272
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _688e07c7f0cfe0996a6dbf5b56a0a088
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _688e07c7f0cfe0996a6dbf5b56a0a088 did not already contain Conditions, one was added
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:45.712Z, to Assertion _688e07c7f0cfe0996a6dbf5b56a0a088
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _688e07c7f0cfe0996a6dbf5b56a0a088 already contained Conditions, nothing was done
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _688e07c7f0cfe0996a6dbf5b56a0a088 already contained Conditions, nothing was done
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:45,716 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _688e07c7f0cfe0996a6dbf5b56a0a088
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx/hfq/nAWfET2hcgrqAdrV7k6Ejq2ukCW6IsuSB51+1aVQXFassfaxhMhiQHma3UEYwsxJ1ALYYnJWP5TnVDB180nVDxNpNM5STrrG1iYiAiSx6N2IyHbjtRZtMo=
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxrdDaHxcoP+AP8ihx5G4YMugAg6wRi25eCFwsBEzesWSR2rFab1tBeTIjjLDjWh4DWy6MfDAHvAOwpsAUOTJaL1yc2jE9cvvRujga2OT9apbpvwskT9TZFDshxXc=
2021-09-21 11:01:45,717 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:45,718 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:45,718 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:45,718 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_688e07c7f0cfe0996a6dbf5b56a0a088"
2021-09-21 11:01:45,718 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _688e07c7f0cfe0996a6dbf5b56a0a088 and Element was [saml2:Assertion: null]
2021-09-21 11:01:45,718 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_688e07c7f0cfe0996a6dbf5b56a0a088"
2021-09-21 11:01:45,718 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _688e07c7f0cfe0996a6dbf5b56a0a088 and Element was [saml2:Assertion: null]
2021-09-21 11:01:45,720 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_2ed41b695d3476bfb4bf7c55029e7a11"
    InResponseTo="ARQba05600-113b-46df-bf54-7038e3e6f272"
    IssueInstant="2021-09-21T11:01:45.712Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_688e07c7f0cfe0996a6dbf5b56a0a088"
        IssueInstant="2021-09-21T11:01:45.712Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_688e07c7f0cfe0996a6dbf5b56a0a088">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>b7aQ0kInCM8HUiNEeU0msIfLFiBnLRq4OIgIpJtqb3U=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>MYIK5a8c+M9J1tqerUjsqfyP3FFiiCsdpHTuuyh3YoM2w9LFxM5OVHSSIg1AIgSZiTyYbsTeO49+KqxUHQcihI94ARvEdP/sj8mA8YJ4DJUAwJeh47UeQSWSj9B094AtkCoX5kcOcXbMtNHS06hrIwAJgLMznqFFtpRoDO6QyoonY3MjEHMk2gjj/OK2vqUfZlqGTKQ4fQryasEJM/B34Cf51yrDYetrxE8NahJu+PSi2uxOUusJSp25whlCTNTXFOhy9yfoi88KjPTyMutX0ieFfR+U3AjymCC6VF8Tp07gvOnLjLH6FdXb5vtdPWJIUtr7ufaTHGdTMhmu3HGZRA==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxrdDaHxcoP+AP8ihx5G4YMugAg6wRi25eCFwsBEzesWSR2rFab1tBeTIjjLDjWh4DWy6MfDAHvAOwpsAUOTJaL1yc2jE9cvvRujga2OT9apbpvwskT9TZFDshxXc=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQba05600-113b-46df-bf54-7038e3e6f272"
                    NotOnOrAfter="2021-09-21T11:06:45.716Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:45.712Z" NotOnOrAfter="2021-09-21T11:06:45.712Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_7860ec0adca54ebbe79a11f4975347ed">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:45,727 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,727 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:45,727 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2ed41b695d3476bfb4bf7c55029e7a11"
2021-09-21 11:01:45,727 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2ed41b695d3476bfb4bf7c55029e7a11 and Element was [saml2p:Response: null]
2021-09-21 11:01:45,727 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_2ed41b695d3476bfb4bf7c55029e7a11"
2021-09-21 11:01:45,727 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _2ed41b695d3476bfb4bf7c55029e7a11 and Element was [saml2p:Response: null]
2021-09-21 11:01:45,729 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:45,729 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:45,729 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:45,730 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_2ed41b695d3476bfb4bf7c55029e7a11"
    InResponseTo="ARQba05600-113b-46df-bf54-7038e3e6f272"
    IssueInstant="2021-09-21T11:01:45.712Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_2ed41b695d3476bfb4bf7c55029e7a11">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>V/QmbCj0M+mZIX2/10mesC6qaNCKlvdtZ2DdwTyqgT4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XUWwCW3+5DsX+9E1FTqnNF5r3GUeJ3CrlrKtO10YsxD9ZyO6HbZGDmiJ8/kL/E8Xon0MDVsDd3CejCOCER8ii5TmN0s/q5KI7ONqGHWdiAnNciAOpbfa54FJWNYFcZkAEfx8gWgpIsynbRFmQ48QoE8CJBL/W6xorOhzNqJrjjTCz2ta7Hw5eZxiKxCZIS90veLA/4pv/KAHnfTk+oub9v2l/FO9Yji/KQVUZiQgAQfOyLpf5lfm9ofAtmafAuiuEy1WE0L5I3LDcRp5WDhZOV6JJDmfSDtWGCj6curW+C/CiRiXrdFdr37jmMEtPeP6qj5NqsHWvFrMsAmRqsS7nQ==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_6707854592af3967214c508b42ac5c1d"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_5ae870228facee0a03c25f1aa3be6c5a"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>OpH67Jcr53HaE/jdA5iW7bog1eFsSopKcQPoELs10LBJc4+3fuFRy3KecArWRpAbET8D1rVCKO43+Hu469XOnVZWcndzYdsqSIjBDkk3hpGXuDbVvjGuyjE3YclFxppck7ndek6+O/ETABXaopYAZWs292b0Uv+kM+OYKy0AS1QXi38I+oAutirjHVg5L2P+iyb6m+QiZfVRWhI+6gm/kBzgKWjFE+xu1jNMA7Rf+0yUXFTIkgrsRqGXlSD7hysUaw1VeZFE4FfIcysetMLnSjbtA46HvOtOixrGPf4pwKg3RE1bQb4UbkX9QG8IHRDiFnVPVWaU+epc6SYPsrftyA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>9X+iPEYB+TtHQCneKKdWNKi7CeOmp583Q4Srg7sEr3O69yY6yN9wwG21AmAYvrcJF9afS7M3HYmaC41eoMQZdEstB5jVD5hp4j/yswS4uoVScuuYWJ+25Bf1Iy9J/Gg1SGspr3EFkffzguF8MT3mNxZau3e28MvIHBiMG+NTqm2L7CtfnCxcowWRygl/EvOoU1AZJ2CkJ3WT8wnJMHHYxrmVEgaePswgGmcDSs20bXhrn1giWndjubs9RDPAyUiq/toul+xWBIwVxc30alN1cfFFSmw1CbG5Whq9wvLOULT2sj7f5+36kPLyl5mQ1FSIM1zX1FOyMeWu900yqU1VzLqnUm59UBDaPZKQtZzBkhZxs5GM7rXjToZ1tMNSCgl+91DHDSrE2EcW73kRRHCA6NIkmCLIzynHy8wGEaZ8lr0jOmiU2tiurzCCni8QabZrnS8XAX3ReVAlSxCRIUjlks/vSg8lULBisLyY0gpoFITSwZpJe+dtY/OpjgOnakWOgKMo8N6GkcYUNt4uO47ezKRSy2HyXS+SSYbMJmH9O4RhZ7ag460i3zlmGaOrvl8QXwVUCv2NQO4k7fcWYEFivgdCittjymuPD+xleo0XLWDKqKaro+PnqqjRzAOgUMzjcuBGrHwMrCQYIoUjK8ZU4TJIBdW42YpcPZ9qErdPosi+MBj4xjEEOabQDkGcI4REigAMmxKLFiQRH+pp9p9NLpZ9kZkXRO/z3p2P8EyvEeoer9I5KamASPK8BJLC+RkLhlm5GShjR7nZonu0nsozuBfy/sEVv+pJTHIS0WZkiY3J8AMy8KPQ3z5tk085DVVk5Pjb9plPTDA6ZW8TNQIVnK4zn3zAZzfs43EMmYmqRCkbbIBP/6IYutjRWftInpqmSYOLodlxhQ6RmOczdBUI343DFCXIAxd1bEhxLrTqlNy5CFExzecXHzc9lwYhGgwoSE6OkILgX86XRXUbCRK4PHfdV4XXJ4yKLyquLBPda/M1I4g4ffLE6mRX9fatHpsyYSsZVwqB1bq2jG79fN3O+mr6ty1DYGzI1phxwa0eduIfBvCHXUaAHRIg8KWNLwApy0NLkOjn4XikmGSWqeqNR+ObL9mqLp1CCdLHRlmhk/hdsXKgeCuFgPsXD+B5j2zTprSYlrDdjZi/M6PxppU+S1ZE1sHBtJu5f6Hq+TQijXlFa7Pcrg2NF2Rv58RFrOh+uT8w4iUikjT0Y8JoZTHlN7mYpXL2wJvNE6+0Z/bQDfKnZlQ37mBdD2Ku7zTd5IUh7FOM/3tt2gxz6TFLB6U9JBdJqaK/G5G5AQgKLQzq3Lcw1XiZ1yCL9mh8snn0vsc9iQJuTyS1p0uBVsjynsD7lFdko4tvPU3fKYPm8Q/iWsxCDbX16sJ03uQdBOl7cha78tWlIWCMwmAgyYeu477OHA88o3A8oKRBvYwTxHhvnhSMPWiw8N6kPWNwwzVlXKXEZYJP3No7YoUaA4VE9Nf8EiEObB7CeOxLu5y7mgfTVUgCRIRnP/v6mROJo28A0DkQastX56jEI9V7fiJYDexLGxsZImr7amyGJkGtmBw2TuqBjupIcxyc25j8u/W+04HgDL553OVpqdY5JoxZTYYAu1F9CSi3uUXqaBXxHFigDWPdeCOjMefWpCuNKQZfhyMKIpO4+Y/PYUW56C4aRrRPA65B2roJxK2/tQg9z9UVyzvFUFFbkrd28X8lPZbFBq+H0X9g2cxiMWDDv2kIb6MgJmxlxIWAr1Es+rIY5qJEbrWg0zfq4s1iMRF5woxl/+YYdNtFCxeDRcDjtwdfLMd9LzXe9F9gyFYp1rNuLz1aGV4ojNu7vY9ZNwEdsD/6UA1ax2wqlMB6tSQc6PHWLEEcY8AnBL9rTtHXIg36N7KP6U33kL4lHl5YF1tSprQOohM7WhSM4fxq6BtAao8bBCSgV2gd587jjlgkKxorIpW+C0ECsIEFv7s/E9KI7lU9CiTvI7WKdkz5XosQoR5ZDtzoKQPET2Qz63XzUNvYFae7qaJ+PAYv5lOFhNEquZLguQMj6BhLW+pdl741CBnMOUEDjW69jT5mbHRLvtFVE7vSq1pf5cKuYvyTog9aGzV9bxXr02cpDeNdxC0e/tcznCJe7yCCzadU9tRT9MpIOtpLnolr+JKZU61IaVeF1ZFiHtWJrGyYIdZPqhruUPzdwUchFrp43FY7aiQtEivvFpWszijiSvGFywgzW5mc6ZMm4eBo8Tm2CZtnlXp8Ivk/y1kV19nJFlLK/VImVsZ9T1TyaRsmfd1t/6MmLOEJ5wC+0rwH9liwgsD7fM0szgG/VBOFVM+YQtvvzV8fU/4x2lueUHcubx47jmTh4PDbv5yXt+iXrZq1xz4DmUw31iA75C7VLNiH0LCd5/i8R6c/h93cv9+xX93aEDtHlo8sVOjYJuUmI7oYyies61KxjVdKuDpxDwFD0K2KY4aUVyOhfQc2vdxdiLmxCdjkXh1XfIdYWMoO4NbMyvdIWnHSwx9bvDGBXWc276+1srjEo6ZIvMaHBuvfAq+ablBlU5sdwbHg9axNOVUoHXmJvoEEu6NHd0fKf+mFOxdMUH2U3ROFyTyKmJGn7u74+niNPzg2I/InTBdcZzTfeSyuvSsv1eN3pHCG0sFLJL/Kbef9fLl0defzmkewABql/MS2ILSgTghhOpDBS5+sJw4A/lEmK8ZB1VH5FO50v0ezlhh+Go/qCz0xMpThd67TyRByitArRhLaufwiTxb3DwbvV1i8Kj+btCftuCbl1e8Lc7yzZJ1kibUbRoiAydfRgDtXRI39quXKyB33AxFlBHPmJnrThSe7V3sV7EYQJwO4Avi865S1RIG2RN0DMpyeZq04hXDBC9wJEe8ood8rpbJXOh7CAdSPei78To7wZ77GXJ29VcTiJuPvBViKMPMDhOy6SFlBhJWgoEkYmhGxBjsXOonQXk/xXSTldmI9FgnqlmckoNBSyG2hMOsI2ikjaNS/B5VPRfdHCJFbfqOba4I6ditC6jZLIKZak3zR/IyN64aLBKFjaP1H/bLS0RXGdGzBPXfJYqpsnhaRwdz16bQ4he/82mA6pjTiPLgIh0h3gn4qGEGLRVw7/HWUrveMmJ6AvvbQXCl0CyujTtaNL11HyYQX2aTtUk0l9BTFNao01XYp7K3a/j/p0DQmjxUBtxmhYw294LmRFoHmEJ1a8+2hJx+cSSIiMaa0zQk4UQfsiCKVxBAqiH+/AF5AT/jtKxXCIipvonDeOUSoJGfMCJkWmfu3ZB25uMgbzi0TsV3IXaKb9I1jagI5+UW/a6riKeBOdzyhmWCrUmbRP4z6pOY3MdtnQuhkEUktpfD8Rp+RXO6X33uq5ob7ieVKw9nvMD1HsA1ZcEKjkskT6+LI7srVU+H7L9R+Ug55+cX/g1Nt37xn2rqzyO4rA6mbzQNomtzclBU2UyjhE/hdPg9mFkuoOjNHgslXilL3W5Y6k10lwtBAyvlFJOA47KdB/5Oq/EwZJ9Tmpn3KlwMk6G8YpTqigLfvuRi9s8Ge2z1GzQJmfReuLn9GmgwzqKB1ZwRs4ZiYHhqkQKa2YWivwVzwieLDcTxL+QRagmbhwjpaGcJi6ZyAZ0IdMwCeXp34c48idlrAnPgL3pG4tS4xFm2cB3YEsjSzGGmYA4ae4gGb/JFeYg2cWyr5M5h6klgZqsdcW1vqx2qW7ZTyt22WCfV1hBT2cDvpKaHisS5dku+c12u2Rel3Tb5yJiuyHDsP2Rqu1MwjY8y+/WYC+oOrDkXXCXBrMFdB1M3M5L8a+H7WAtDhtec0O6C2/IDZEF4K7xL4QU2MajubIftSvFdhmtY4SchP62JDcl8v4zVrUKjj9DF40sFwtdwZkAbXywyznozez+N/hZVLc/4LQwr1wItTNWfiG3KvDpCtiVZ0sPBJIZxcgOk5YX52kZ5UuCaXjW9IahvNGJ9C7U4+drtUehmZFnQbpu/nlGUHP0ZVInY1LETYAqi4T57nSW9Bx87ddTCouxcPOiJDD/WUHaK2w2TAF0p8jOY1wLpjeKLuplTwXti8BL1xv7YWP7xyo72kfiQndAVOESPPHIqn/bXLzKeVgm/SkoAgC9WFba3W8WoLiJKtzOyN+lL0vbAusM65S6y3BlHFMEulcUrB/FuMu+L/5n0AbhMN1FVkl+iU4jDdz9IKfrIdFdnscBJHSYZBAN43OUliNrDkcUZwwaniTGZCSdf3WP5r5blUIs0jrxophpKLj0/ukzXbuSa1obl9HRg5Gx/s90zgEy2KSoscRktxxbW2/HJ+C7M7HKRSdPV16tgVaeSXXhSLAlbsHoiJFS1vSmjliWbd9oq/oAROtdCTZC/1Xe0E3MUnt4JcEM2N6fcbt32K1LK2lu4Wl0HQe2wC+dC/lCi6xI0BFiI4Ffqao3PMG3udqZQTnRmAKUTX72IA/IPBCtPFTk6RdZsnRd/jVrQ6aFE8Wcmx9M6ergkls0/PDBczSRnxrcAJ3OSAX/xmxsdeP8i4EKZbXE2/u+cp24Ch738Jkh6yk+O6Mqdyu/4V4wh14ltdhUOqpxbEvg8qcitITI3kK0E2R6GmERnov6ikd4NejO9k7iogM6QQC+EgB6tJ0kyQ1C1gZx4myLRiXdLNmDJAWNEZOj4ueanpUJ42k4itod4/F2Rcn9TQa7cOqcDZY5y/lUKmHIqmC86BBBWOf7hEaX5wYIzRqbvILDBxW4Xw4b5vFcnZSOVkE3uM4u6HSuSwcPFa9tB7Pdr8U1Wyopk0imtNsVlp/2QLrbphoOwVtinysCkamhk+rGFiM7awuAXH3m3sjUUrhirMDw6xEWUMqegCoXE3ARgAwXF0TlmnCXSqxYn1Fz8TBwsDapnHYooN73/lsYaWB9E3v+3aOt+ggDWAjcw8uxO/YUAGWRZHbVu0QltQoLYzGlHmrixYR//5EMhq/twnayFauVhdUfD4B1qX3iGuFPpEBDAWn4Q23lF54Zz9O0L5Z05PiHvl+9k3NyQ2ho02Hm2w9et6SQ0b1OCz7+RwbcqXcLMLLr6dCn5pnaeHDA+A55X4jYMYyY+rdJapF2arENPkS/hrBpS/F7Pr0lu+TpGu/u3ZXPDCDBJasXrDj8TP43mMYhiLz4JIcHzk6yKbMzDF6z/dGWM4lENCEo662k0XiSIBOjPZtdoE5xai+ipjeMcJ/MeBwRH7CKaoVmB475A+LanDTImAT2CDpCPDvd/IebkRubYSupOVLqiFCEpAN0lq211bIZIIuSuiK+DnSRMMkT57gHgmTnwrniEovKOlYFe2NGsCZ4HsN2QtaTLiR28oOGIx8aukrVyMpVVDMzJX7t8230hpSTULhywYOF0wARnSyHZKkQyVcunwkF6Yz1ZeFmV/NRKug0vYwkq20ssgeTMvRgkr5QsKqjAET3+OI0tFzOU64WevdfQ10GE//xPvR2hC8zQDS9tgr1yZUHzSm+UYqTRvDvV8WDBoCrwu0ZI1FBYCNC4gIP+FI4YyVM0SU82ObBgdyfwNUfKccDhywVgFvBBYVr3ijtAfwekcvC4l+1Kno76sRVq05h57R5VwJftN/gAu0/barHirVNXEAf7Ztlznkyi03BQZSf2+5+UFkwIjSPH99i8MJH2cGjRZDqKcMoM9RBSlmcnnNSGvLVohw0xOKvFfHhXUpAU5+XOERwswBR/kL/6pehWl3KB1yStCaZXKLcZ5z4nIuJX7M2Hwn8oiWM6JZr8Rdanea4CtfxD67TV0ZdfQTryAPoKvPutpDOz6B3JaPFbvOTF3QMq1OR8MKV1HGewhsfNa7Q1nGPgZZK8kYt0OqCZz7IHoLARMhDsMYBwW3npNNgQR1+61TqW+cPkz1JC25TcQ61YW+0lbM/acwrdsZOlbF3LRUszjISYN7OV49oEBnP6XJqCT0gqz6sVMUrQHUeCXgWWtFjKwMjmfR4FyXxer/vxnxZ/nWg1uk+7c78cVPMnOmKJwchmHzrx3r4iMEwgMWzrPlM2S/cfft3udnDjLoVr/AcD+nT94kQep79f8ho8701ImOlJpLScDIT2rQuiLqCPfyySHSgiqK/vPzoff0NxtjQYSZ07T3aPjwTTmqH6CFDqlf3eB4Ijetou6qh3rJvKKGO+FdYqG/AIINDZB3LROLY3eIWC5QUl3jnj/aglwGT6MDA72yVEtaibpk97Npwjx1VaVRuEZyoufrBBPx7F8oo9s3WcX9G2QvSxELl3by9JQWgcF7G62BVWa5arB4HxtEIFWM9YpUoKhkUvjXT4C2Q/eCxeGEnIS7U/aHPGIBOtV2zyKdyKKSkmTFShmuSqSCxzaE7IT8t9UMXGk8nPHAwQkb5L/aCImm92aZWM5E4sxo88yD+9I8xzVur3vhI+NpmJ5M/UoxZiUE/7ydGYA8QSlL5xYoDihB9GdbAujMKbO6yHNasNvjZpFZQP4BuLpUWpET9bJr03jVnqYT4g32z7mcGqkeFEXENxHSUEffzUZAYyEB0N7WZGlOUIyh0RzTsRTxxsPTVdMxVGpFI6Kta40i1Eh3zUPJEzSJW5ucn84m3uz9s6OVuMVIyvIYGds3DHdvVfn68iTxhkjtRe+5ZszVw3fCohv2KJRBkRsVAHsTm9ySx5+T1HqThxqga3IXjG623En5x+25zMHcvezwoAPQwPH0DZWHean2HhpABp6FmwG0/4frtq7bsM+lDBNdYfAUSizUWfl6NEZf/EJlNp6p/3dsBvw22Zi9cWcsaF3uMejtOcf5fFFDgvMHUJCi6VQLgfbKavqwQOfeB+0d4fitXhKehQhexZIhJrVyUXYn2sZ+cnMlPutK+sltfNK/cIHz+R/+gSyarpLjKVB4veJpuyQ3aqzRfJUG69SMeaAhhyOhXcnOZMY/eCMeWTb6m4TYuPqUzcTxCleDbybHQ0vlHRghvzQ90jxtw/newfPjwNgZSJhyLMmEyvPxqLPG4CImdwYXC5O1gWU8P2O4EJi6Vlt2iZhDTkccAy0RSRafDncK6WfloU5XltgSa41BoVL9zLbKiGSCqIGC5OWdoyHnJFK/F7+h7urKauIc21BE3fDjaqTxgGQgwOfeMxBxUtFciTQnGrFfhqshsFfnWtXaX/OqVD0Z8qJUNNKmOiGcwyHbojRNPdB8JPWR73Trz/X0oKWM34qUpqxXbcq4Xkxg/6+7oZn+DmuZ7gWi2Z2HDT1W26RBy/17X/NJTuLkze00LbNCT5ErYY59BoFz/KHAGjqr1pE+d/+Kj5hsLsWJ4W3CmAvho9bO9STzgw7TAaY2vttjlvHaZ6H6KAIFzhXph2myVJX5k2I4wSSEJiAXi/4m9CH8oXc3OV8y2+HVjnIy7XUvpgLVdhcEU2OVuhXgv5a1XeTZvO79GBA/Xd4wcU0MXuIa+ByD3o4gaUMcE+8nGAQB9QE9JGKir67Glb2rVNfDkR7ZiRBe3lRBmH6BufTWZvh0mb9cNSKeYZVr7Nd+3KP79JZ5UXgjryrQbNJR1upNM9t1OKII+p9FplLj8bafQiWXT1TtsARkcgGpUsc9dpdsWr4PRaZfyB441mskYTaC6POe3GCCv3fLmB2iOVPmHXsBOip6Xjg3MNdDb94YNM8ccTwZkmlDh7QvdkZKP1uoXlLPTSBcU7Hr5pDdzE381lABGwAb++0/nyl0nk+Zac9+Bqyr0C2qaA5l0xMMlmoiJsLkXXMcWsFpyPwUfyLRCilpOfmi1ac3YyWEmm27KXsu29EOCT/AY0DJh5VpExEKchUgT++CcYNbCiB0ZrhWBymCTbALW879dCDorjR5gCGKqT58BbrjQgqb5l+awbHxQMuzuIdD/0LF5GQ71dyULS890lFbIyAkK8+MALaQr0MuzWDjuaS4xinPOekG3ru/69Oz3co2jefUTLyHZ2fGBAz64sby92YRLSgt7T1aMGAWz9WBRpapyjhAvhwsRv/gPLDi1JlGmbBvaUE3kjxaz1FlizkCgV5rb0PHbRYhywr21mDZscDXvBWWyzbluxvmVhP/7qnsfnQq7LqNst1L5D3414C6HgaIcdZbKeQQsNU+DJknqMlGWEerbb4MBRA6a3O+4p26JE1ir+U0DRh/B4ngR7ei+nybXWm/c9pOrEAUQcnvRe0FYYAnL3QqNXz5xM6KbCzcz6G7n8uh0oqR/586OmVWPMDTRMaMNcMPbvlFkp34Cef1T3ASK+y8XN6qz1pvTkXQJoieDMweHE3I/rU4V3vJoWWRPhLkwoVVgdvn9LHuT5Th1WOj8A+FTkjy6wQ0q0J47QktkKrqE8x6KdBdp8=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:45,731 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:45,731 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110145Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQba05600-113b-46df-bf54-7038e3e6f272|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_2ed41b695d3476bfb4bf7c55029e7a11|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxrdDaHxcoP+AP8ihx5G4YMugAg6wRi25eCFwsBEzesWSR2rFab1tBeTIjjLDjWh4DWy6MfDAHvAOwpsAUOTJaL1yc2jE9cvvRujga2OT9apbpvwskT9TZFDshxXc=|_688e07c7f0cfe0996a6dbf5b56a0a088|
2021-09-21 11:01:46,078 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:46,078 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:46,078 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:46,078 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
    IsPassive="false" IssueInstant="2021-09-21T11:01:46.751Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>+gCo5/q2avIFQU6nHVT166jU7cFdoAJeIwH4kdAPXVs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
MCKaTJNznsYrjENokO6qun3FN474u8DkZIPLbrDKA2QGBGCbGqy506H1bN3r0JWrjVtQpbaoXEr/&#xd;
sase3rRN4YKPbItQeseAcjXMUGkMfULJZVY+whO06JQ2nLCN6szOp9d6TgEoGIFRjDlsc4eArK0A&#xd;
3BJkWS1Cy/HkoZBSmyk5iOt3rWjzh39LBjlPc6Iqso3NkhOoYNQWLqWUTUyeCDB572Q1HzdWfex9&#xd;
wO9m19ecaEugqtMul0Q/3yM9r+IZVC8uiWCaaqxGTk3hB0f7L6GR2hqPWXMA5DOiTIL4YasEDLLL&#xd;
xVjR7yworPZyT1tlX/Pj8JwrRbefCu7i9dN5bA==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:46,080 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:46,080 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,080 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e', issue instant '2021-09-21T11:01:46.751Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
2021-09-21 11:01:46,081 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,081 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:46,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:46,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:46,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:46,082 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:46,082 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:46,082 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:46,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:46,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:46,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,083 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,083 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:46,084 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:46,085 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:46.085Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:46,085 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:46,085 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:46,085 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,085 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:46.085Z
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:46,086 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:46,087 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6f0d9f7b'
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,088 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6f0d9f7b'
2021-09-21 11:01:46,089 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,089 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:46,090 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:46,091 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:46,091 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _98e65a80c57b3ee3a763394e942585e9
2021-09-21 11:01:46,091 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _98e65a80c57b3ee3a763394e942585e9 to Response _c8c9685a7fd9d61fcc1fd7368a3c937a
2021-09-21 11:01:46,091 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _98e65a80c57b3ee3a763394e942585e9
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:46,092 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:46,093 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:46,093 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxtTDhOgebmqczzp+Nf2X/wWv+B9nUf4h32DBDcLcU2DXEdhCy9W0tg0KNvmfGn+gZ/TQPleLNXApJch8z0b82ucHTTBeQf6FICrFI5C3momAyYKdOqAVErUTu62A= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _98e65a80c57b3ee3a763394e942585e9
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _98e65a80c57b3ee3a763394e942585e9 did not already contain Conditions, one was added
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:46.089Z, to Assertion _98e65a80c57b3ee3a763394e942585e9
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _98e65a80c57b3ee3a763394e942585e9 already contained Conditions, nothing was done
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _98e65a80c57b3ee3a763394e942585e9 already contained Conditions, nothing was done
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:46,093 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _98e65a80c57b3ee3a763394e942585e9
2021-09-21 11:01:46,094 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,094 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,094 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxrdDaHxcoP+AP8ihx5G4YMugAg6wRi25eCFwsBEzesWSR2rFab1tBeTIjjLDjWh4DWy6MfDAHvAOwpsAUOTJaL1yc2jE9cvvRujga2OT9apbpvwskT9TZFDshxXc=
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxtTDhOgebmqczzp+Nf2X/wWv+B9nUf4h32DBDcLcU2DXEdhCy9W0tg0KNvmfGn+gZ/TQPleLNXApJch8z0b82ucHTTBeQf6FICrFI5C3momAyYKdOqAVErUTu62A=
2021-09-21 11:01:46,095 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:46,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:46,095 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:46,096 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_98e65a80c57b3ee3a763394e942585e9"
2021-09-21 11:01:46,096 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _98e65a80c57b3ee3a763394e942585e9 and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,096 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_98e65a80c57b3ee3a763394e942585e9"
2021-09-21 11:01:46,096 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _98e65a80c57b3ee3a763394e942585e9 and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,098 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c8c9685a7fd9d61fcc1fd7368a3c937a"
    InResponseTo="ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
    IssueInstant="2021-09-21T11:01:46.089Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_98e65a80c57b3ee3a763394e942585e9"
        IssueInstant="2021-09-21T11:01:46.089Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_98e65a80c57b3ee3a763394e942585e9">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>bKIRDosoqGTHRm53Ay3byaz+FRzHeUNYVQvqlvZKJds=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>bFAWVQ32yiTC89lOK9Np1P30RxZCNH25biaP5zGuvEeUiDHZCIFgqx0lKatvOcJneClh3OWfuPuHpNP69Crxoh91jR8b28EX0PAIbeJ7z7ALI9m24seHHd6dpxWrgLJqTXDZqmoL6h9ciLaOy34tK1dOBL5ZMQI3pBnEe1ZRF8TtpiUlLGBWKC+7HDLJTOCcUMnXVNfjj6croSc5sqdifCQVhoS7MbuHqq3n7dBhphNmMpsrlghPisk72ZUmELMN+gdEwx0aDlnY9mzt0rWIT2LRSdUyV+Ox8fYPBzUR0LrnAdzdMmv3k8kv3VXAvEnAaO9x5nrqRhoKlsfZORlP3A==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxtTDhOgebmqczzp+Nf2X/wWv+B9nUf4h32DBDcLcU2DXEdhCy9W0tg0KNvmfGn+gZ/TQPleLNXApJch8z0b82ucHTTBeQf6FICrFI5C3momAyYKdOqAVErUTu62A=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
                    NotOnOrAfter="2021-09-21T11:06:46.093Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:46.089Z" NotOnOrAfter="2021-09-21T11:06:46.089Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_ffb1bb5d9b61749be1c28b5ba6fa17cf">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:46,100 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,100 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c8c9685a7fd9d61fcc1fd7368a3c937a"
2021-09-21 11:01:46,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c8c9685a7fd9d61fcc1fd7368a3c937a and Element was [saml2p:Response: null]
2021-09-21 11:01:46,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c8c9685a7fd9d61fcc1fd7368a3c937a"
2021-09-21 11:01:46,100 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c8c9685a7fd9d61fcc1fd7368a3c937a and Element was [saml2p:Response: null]
2021-09-21 11:01:46,102 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:46,102 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:46,102 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:46,103 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_c8c9685a7fd9d61fcc1fd7368a3c937a"
    InResponseTo="ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e"
    IssueInstant="2021-09-21T11:01:46.089Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c8c9685a7fd9d61fcc1fd7368a3c937a">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>fsOm1w17y4r9Pmol5XspO+kRWicG4bMkhZeLlWnf+M4=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>QE69yzQq9/bVq946XDoZhhtHuCGzVfXvfT6tLyk2/8ad0px63Rd66xKIfy7H8ub/R5CFKUOTXBRz359VBOkxbfndWAGwPsyWLZ4ZDreBvDapBBrKa3TiR84HRjGxbhPg/v85va8Oyx+vHd8C/msuvBcPgToJTcfw8RCSY38A1Y05dJRYXZVQ1FqNkRa7Kjlkx9DeQ5Is6ElnC9IjAJcuoUCQPOkgQaFQaadd7m3FfCOuE9NvOU09bpBVUKJ2ulTgQCwwKgplvfAgCWAZ4UWmneQ4l2BdFKbIPbcSTaaGc9mqWQGzXKY/OZML3U0UI84mXP6gb5ZKfraKlCtJbK7aug==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_b2f30fb8f4ac3897d1e65f2e8df115c2"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_7219368bf8e92b52afff12224f8f77f7"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>GBfZsqSapSho0Vw9kSuxlCS12aO0WIdz364x2pvX1i78yq2yUg8RNCFsSgs9tFhaFiq0HM38ft8N5sHvfdbXbUcJyNpYfmzMU1TvAFRW6D53vElsD0YudzhA+SfzjXt1IWqCYXNx6uhYlxA3m5JraiXZRU26/mHL99b1z7M9OWuSy6BrBL8YtJhSh1UCDOB+6Vo7jETh69EKyBRuVxxtPZhSGGP3uE+AOGaTP8o1B62ia3VtmFte1hcozDhwAYnoSahEWRn3ZWJcolFp1Fk5NwX+KtqvcBuh/Ao9bQfsi/GZGAjykEa8ShM/7vm/N4auWbDni1rdYaToUBWKb+5acA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>qJiSIiNpvb/7SFK+QVYZYSAGiASj6vDkCSM4Gyx8KWtloRyRTldhO+pHNKHHSpOjFHbjo0pi+1YMPmXPpe256F7TtWpANvgsQkbacOP1Z9AHjdSDM3wQ8i2eK3A5QCiaVchO6SAD6k7hNHYZJ15ry7NaCV9lbJ9AlE6ZZ5XL1v4T7l9VfMSV4aFVTTfNXRK47lLk1J/aYxJnm2x4P4XWbpKYy7eg80Qw0XpYkwBt4wIfdp7LWHJeEVj9bpZeVhpTNVgUOSXJKrOtaFmjWI4fO6C8vsB/65Em8yJpapXXdcPDDhSI0jwSX/BI42H+tdcv0sOZLwz/Hni0bdrwC+ruVaBUutiCsqNLN+xSIeZG9gy5U5Mj2h8BiUnjqsEh8eQgehi/oOatCGZ0w44tkaXy+ajBPwwHc/tr9mJwU2TZ0J1CAjrVQKkxF86e/SzvE40OIIw9Lr0TmU2XLPsAeDVmtkG3NM/JVq6YgGmAQJFlm+Nx4PJpAUlLyWejKvbb9kd9wbNyx5R59+LsApyZuf1giSRMuuADYvaPHgNAoSRBhZnxcJof4fKVfZ3BHzqGK7eaARyDSevSa523meyfzendUGi8waOXTC2B3tvbHcYdWNHyUJ7OfQ6PwoGsZZo62cupZ877YKy+TmeT4aX6glL6Ij3Q5sHooFpXqUKZyKMyc2jZxSgFvHXhNpfyklv9FvZsJ0f89THY8FsDgzVgIXSB13kSQMP42guRXsrTrBqeX/itlScdXJv4cK316j3I/H/uvw96mJIZNGkRWtHH+4hrjQ2901LTCRisXRH8QspaRmoEQcaItzB4ePR2jJtdzVsDYcB8OyQKS15cV7sUdZCjNNGgb18oIJ20oXhXLt7EvUo+tm/MInnzYWSLtvIiByF/DLozEXSnw6oLxEJf3cxwbNmoJWrjHcRrSzq4S6GtN9SYBvRK/7LXDhjX53VKD2lcaa+UCgsJvFDhA8WTAVWWm9Fsehdj9FY50q96gi3hWEY038pRRF6Oh0JlvuVncysX1DUBabcXew/LqN73pYtJ3GKzxX7KYRUtyrrZ2HNHL8DBvWI4hapfoYZSBMqz4V38VTKfaJymcoZJSfv2+wG8SQKeeoBbzF8vlqYywwvFyqd0d7VAt8iA8fqsRAYw+qGcPKWVwUvyxmbJCCqcz0ug3gJ5Dxgq5gSgBSyx6DRtcBy6adl3qwArHnMcAwwAgFZL+UbdWHGN9xA1g0V3iXNatTMRNBKLEWbUnZCHG+aOwC4hXsnuILDaLSmsBIhZsEJxtPxkl20t1iXB4fTwlqwkz1cYD0gKoFDGb2O9PS05sD2/udSDrb/EGYVm8Anni37XmRiCHABixz0dY/+xQ828PH1Eu0b0PtLF3QKV4WSes3IR1pxHiZ169zteRQ+nEP7kb6SxJk++EiM7WBn6NMeJeoYeDlSo6vxpkASR/9WLpDJ/sXZ7YD1Dy9FheQR6kVAkTUjwuUcQHHQ0/ek2MP2ssG4jaMwrZmALLRJpMW/qik0Oaib3KRjoNqOtvoTvgsY/g5nV8YQ1xvtWlcZklsZsQq+RNng4vrTd4h08wcyTnjZQEC4iIp2dRZYHfG8PevIAplT907wprnMtBFVd6RxX8tmbTLG98sJCoYI+lizwqL9gv22z1d/pGNBROFd372dNwuzaHmY7HVb0KWSacNyv9n+YO6cVVnZqmp/29GXlOL/FMUa5O9yZdX828gAPvusFSbfHtL6FyBiM+D/rl4stD0L6pNUvhkq02vT1tDgM0SXFyjLjkBfcH7cqP8BgVErbADkVbeMqPmTuBBsz1vjL/Hwb7CPJtvm4WHqHPAhARSH0MWFBQgdnduWXNx6FvjzIJqxqLwFg61wpNWwmk5eQFBr7EtJoATsJyTcXB1nbQMdsK0ldxOQB2ktOkHMB4LAtfnoMgm8+CzssL6tgtRtzb3wq2XQRGw7jugfGtvmV+dgeeFDXdsK4ka9i4blt5jDLHTSV8BIshcRAlQr0K/D1Q085DQY34+KCAdYPx7hm+3eSr5NqD2rnH2mgm15PfTX33luOMaWt/v6NHoyKTf5sx763t5bPKaxHQdLQ4OLl2JMO/DlqiZe80PkYDwLa492zN1b2L9sh+6fUB2WlU3OwRe/8A7hHtZCuVcyBAl6aaL0xVm7QHKUimgJQJaZ62osl+wv5oj2454d4e8UWyMZXyUgaRs+MXBFUlS57ci2oWL1rrJSVyKx/ytIdUyp/sCCCeJHMINLdq2PLQAD1oAjOSDe0q1Ou7Jm/r9ROw1MSeqF+ixHehcOwTzJpviAdqq6AdGcL8hlPy38YSdUp942/GS2Fx2l1nRRDZOay1DXPccgq4HVisyBeoy8uCbjOKrf7/9AFoE/2n+0YzMUAY1wrxhTP+78YZSP53Q7HuqH+KC60Ygqk1lD5MrmOEAdL2bw5ehBZi/XWPUHy/QW5rBpw8vr48urvcLwzLQ/E5J3uq13jQ2iVUxjplXUq1hAObA62uY9XMB1TkCFjC5lM5L3umzCjy6PjV5i4kBx7Ve2gm7gAU/KatNHExX11GJ5qLvMTQ9ipNYQUJl9gtdVp6PbaeBBv5jQQalEQyCX8F2ZT19lIJvSUrcPcMdQiJHnKYYwy1pOfg7YdnOjBiaz+zOJiGqTkWXaKEb39E8E4/uneUFCZMvIwJYwLByhgFSEB4IJfceGXsOdnGMkGEr/tDGaBsPHuHdpwoiQf+iMKgPOtmyAY04SOHyNYXcYP0BqQISRbd/HZ5zx3Ta1PzEnIkZQH8e8ZvVqgylrQlczE9/nRAEAfLGw2OZyiUYuNZuLiPMZ0tH/dAoByWx0iUNwqd1qajdGd3c8tICARTUqsC0lNFJzVe8VphMvnHoFPyTlfTyl7CjD3KCuiKrEAhcjeqCZE8RsR+zEOvyBZJlY9QHKSDL7YW3m8DDKfPy/ObWeyzwjvZJLu39MiJcvWJYBKZuHtcLThBxEf/GpgMD/hTz2l9ez+AG843KoCfzeK8MP1YeQsUNOcl1Zz2zQq+l9uYKa/aHOdD7of+SV6UE7WWH/5ykgHgYr/zqBnPex2YgfX7DqdzbJdlynPguMjwhZDuX1fgdzwNm61Y9txthLsf2wYmBYC/bWKeuFkv5bRX8iQjzHt8LDF1Wqt4hOV/57mfidbVvHLE8mfieuEJdVJTHB1ieThLz0S+mN3QxO0rdnDHBJ3qYPb7oAS30fwo0ELTYkf7/tH5N48ST2XIbf1boiZBSJDHhelpSJj9wHz+YAT831iet0gGfS6TBIjo+g0MTdUw0cL7XsP84SznFbrCnXKOIiOemlaBFAbjkTe5q0on/jl6/F36sRtuh+UZTvXTiMgL9McLJzJ8Iq+cZCANUtZpRUnRU6fF3nwIOm/xLmGtiZzPUNNhnOlyvqyPpoWOLkMtwaTk9uZS9x23xH2IaU/AWxHXS7M7aUKsEweO4j44BmB+SlJu6MDFYEKHGoVtJlOWIg60TbRZvmFmk+t5iszdFvZ3OA/GwEimgpO2UwMRpPKv1Cl9qYL11jrfGrb3Gc18q6z1/nY8CrdUwdMBUlyvjeuU1NyF7C6mkBQzHNC+Gw9zefR1jtRfBKLVXt4Gpr6P1mdzZRUwI+hVQFLCBYIrCPlwM2HgVeTm3aKEoVGsyXmYK0ag4g/M0umtPr7le+txXHqJKtqcfuJ1yEmik++dXQ3RfCyBU+Hwl3Tb1la7T5CberDVsOc0m4zhMz2KaPOMFq/BC11m2BQsQtBHfOjlfuhdqWTPFuei2WYK72B7k3d4gt+tBm5WD2y3WQ+vv1ZBFBtrdfezluTudjNWPjZNJY8pRcT+szhfpF9LHN+UURINGbJDroMRpbbsnAxRcEM7xYQ2sKAu7oSUakGyEBo3kkbTkp5VpDNozUyoHiP8hPN6NxZfgmcuNT1s8CycqxLIw6krpWhILpbKhJ+3c1RT769af0vTQy3eRPwJmhUnSGedJarzhX69IsLO/uY3zDfB1pjc4z4CjHv0BZAvcp3m1GthZ5UCcXTABZnaqsYdmX5vgmgU6WZG0ilPYXW3j2a9CLZkKqH1ntsCdWFaYzrO4MAtwk1yORjin/Bg5gmZUFt3AkXgdLaCLZLwJ+ahMP9NhXGXGGdFkLvSd/6nW286b1HPTb397KNHPC56i9LGyPXz5MbhDHzfTWQCPsIgvxAc+WYuE46CgZl9PVHAjT0d3MxpoAJK/95geNLHIAPBW8AnIc9gcBFKtpUGbEycR1J56MvocAuWUhCx1u+l3doJpyRC9JpPyXSoLwpjod3U5swdyYRPZGGiv7byN1OFkHbOGrhANINMno/1ZEJOmzbKTNkDXeUqDqrulLan4wqowKUbQ8sF7TjyJyGfLeF6igm0Biuci51gZfPruC+C2yQYZzJhsXW4Y/HG1jXUL9wfTJDM7ZNUep5F0m+TeomMJoV1960UrYpIdj6qndtczOd4mJ5FzSrFrBelQ1/aPoEseJON2XOqP4k7uWhk4h6/mZZpCKi0rAceJx9hBHD61TVA80IHSk/VUUpO87abvV5pbRc704RmhbdkqyR8fQhUjZywszdBVs7N1VgwP39xJDyJYxKGqaw2Fp7H5ONCMqHJqoKbNFTtZ3jYJ/6X2QRsmStAy9bxHnhQZ4tewR75cpJ/dsY5nXh2hVGISXm/qGRT36iH5AdXtVEKXKxikqb5RVDiHNFZnBK7m+3M8msRYi4A6IQHOiAVxWpKyaFKeLssQaZ/99bkQtlcDXJ/uKYSSzoOS2/Qn7HauA2cWpgHvhVe2K6Npc5BhXN4ibZas9GEuv9jmuKML+GrqoV8IrlQA6YeBFvo6ou6FyanrUnwxSoDvFHxMq3BTVdURXy/oPd/loAcNsRP3uvOJs8IaN2gdW0EgwbTtbAmObZQVyYpduras0fBcnArvGHFqNF0/1QYnxoy1j8gGQyWqMy9Qibb3R38R9bQC3nlx5azCYBgInO9Qxn40ZFAMhcdQRCvfdHC/JNylHE6yohCh9bUr00vdWNqKZdGCID48r7vlD+i6Ld5FYjj1w7wt4RSAQKgOZg9aVw4WFN2k1+72Lr14az6t9dN6zns+EzCDyDhLNNtobIExEWhRTE22XepxUhL5dzfnBSDXu3lh27IilWvVzDHmzhy28ZBbzJ8HMMacQVhDbd2XTM/EEfFrbvel/Guxvho9Oh4oryo+fRJTipiJVssrK2wCsa02+0rqOfKPdbjTUwo0yePzYHn91V2MeOLYtI17lxf4RwNDEH5GRzP4Gy+lwO+Xc6u9B87FeXzqyFBjaPObhuOSjiGVh/VV2wM/51UcANSrmIfwv4kjY/lfK7Ncal8XCYgtmVm2ETZPTJqP//Qu7XseKP/7/MnfzLjDGffgTBaceoCQRH91zlF5TZFxQh93JwK28WYhPRM1x309GENzo9fa+bN/0g4wq4VfjboSxZm14PY9mvrhlBfiSLnp7iNupjmagDfHFIlTWrImfvm1/kfZMmIz+OiGMrDfben/12sNIUCzGBWx9vGLoI3ePRiz+rs4eEnN/X6fMpSWDWMo59Ysi+ave6rYLyH8U+8fPqO/NxCDjLw+r1PE6KXLEkUvS4CjhWz+52fNEEMQSdU69ZQXVnguXNIybtn1Im7fE1i69T9mr3Nz99deVu7+NR9BisIhjAFk0lI5GqYO4eRdxnwprIXENhIm8elLy1ebAappjLm35LWRgqke6cPXkZ7DMhg1JQJqnsRK6L/g25dzPTee4WpPR6TMe8zRr9g8ec19CNC/9Hpx60Lty5l55Rn6wATQuWlr2CQWu5P6lrK7AQTam0XJWtTtApjjxn/vA9R+VL3/hDyAXznw53XjhLFWhyCmFY4iebVpD5vwelxjUwNyp4HEp7obQgNdvQNMVKE/5uYSjkePHs9PcAlmBWYE+1BNAwPuWmxhuYQWgaZCw6e2oT0EFgfEatk4GQUYdYyuxWo34bC6zLXqvvmF3CLrS54MHIkXuR07dtR/Wr080zxZ8uIqSiiBZ6HJa28tZ2hmrXLu/qnhXVu/aP6Ex4Q49lZ7mKil+Df9bsIvDpIQaq9j9Dq5wfSxfzu807Mlo1N50MexZHN8xJZaN6oRGUEeMSXqMyAJ5ENAzLVqQSrzEjzZUa7noTVFmuruFDZXMMpGy2ZxNPHw+2fsI3YF9uGIc2Kf6XpwA8z5HTWRzH+hwLPRt/urW0JT74gDFCOmFhPJJsf/J9w6KcQiBzIC4N9+WZ6yNYZC2Y/jZdneEZSu9OadmaXVHT60f0L/CZCyx0umtwhkZRRedEoJcAjfhV9md8l3mCSgLv8pY45t1V8feaht3EpdoPLrDGe1At4QaErlaktQFpR+pZUh1arj5KTDlErAqPucXKmNIMKyeUgBEsFz15SSxxr3jsKnfgDfjP1vDgP7DZU0Lhpq0TifMy27qMGr2QjKoF6hjDsyto4UHdtlV/7d54FM2YtDXWyy85jocUAnmuVB1h4m9uiFrv072POyBbP9mCgi5aby48xFqD0XS42lo+61VdgqjDbCDQM1CkKPFL2PFLbKQZT9maJi0/msOuyvD6JyBRBie477/62SvEXnVm2qOTS7CWve/KSt+IJzhwcnZA3OWIZWNcgYWeLSW/0fwf5q/IrdUPJUPhB2sL3HEoP3h6Hb8oY7FnRM1irO49Rwn/NhX5WaK6TZEMfqrSws1J4iv0WKpLlSYpr8PV5sir3hIG7vdVAGj4f54WDlU1c4h3Kdn7lPlb1Y9mcZHjIk2B1FGMdzrdLD4a9i4JQcrwUbCfn7QVJvaNmKw1/H+z5yTlM5Y0vFv4JIRZgdCcjFnIlwBCyGXGzRCCRNejzFvKNHNF3PskoRMIpuAWZBPtnrjLOJdqb5Xmq0mFpkK5kZVNPOqcBHISrBezESWe0qCjV/JY0mrYqmrHgGe1UTIF3REab21oJrMKmWAe8z5eLkbJNsZFRpGTEMrQ/l7HdhmrKLSisycxRIEcAUmanA20itcMiN2UgOqZHO0yl1ikA8G7i6vQ2vS0vNxPZPCRT8Gqg1ZNHtnQ3zEV9xqqdEPzeBv/0cJFdqeW1oUZd4SbKX26cw6LbwRSAWk3vjIm9EqIGl7qDOSz61Wn+V7JKe9P+LPTGN3TfPEX5aAG1lrMDIr/bLS03/mx2ruPA+wxQVt+6ZF2za/gpprqV2WHMUIA5ROUbPzkqX517107feoi02dKWUKDxGtUAJ5qwH3fpVX/QUfF5ZTodclUhpDRs2h3OX0YpHPuYfL8xQfJp07m7uP1qrQkdkLOnDx7zEl4oqPH61OZ6aPvgyC6HN5litv2yu/fY02RBLJz7SupLCm5imZstpXoPJJfLUHW5hqrDUIRldu7G+ScqCnbpulLZe0vbUZxJCOrW1IfnICMAzLY9XctOGpp04JsPEs5TMMUndcZ7XE0Wqe/SOgeZgM6x2bJRXhuoA5yt5Dgs7MgWEmrtuXAW9Dh7n+oOVbC3hp3VTGp5ppNJT84chLQLG6hf35z1o/uAnV8GDsYCnIDTMKbr+Mf+Q51ZnpWCHzrA2qblyEn9yn1c/a/a/ckhEmlybGyzeBM5dgZIuZGUkjquIu5UlbXud7c2N1nzvAK91lKeJRNojCTcd6baCYYHW98i3qmSSQqiy73Jc6VO3vqJmwvR1fPYo02f+1TlySFKYm9nNNhD64qaDg6zo9t3UUrqNlLJdYua4f+khusMyUwoa9IryKqwsrMlHw2qRvKBOnVuxT6YgdmwDT9cZunQ3yyPt72dkdWkDxrRFGRZ2G8vSZW0GuMwwmXymk+52rUxNkWqRl3+jF5Jn81KpRyNOUhnJlleuBWitcuZUhxoWowUqVJ/b0vcXGKmbyrRu60r6JLON2N7l+xDg8arYfWplJUKQOAFpbVhP+icCzON1Sw/aELPiruyneVj5K8Pu4Ie8hpHmZTXsVJ2l3LPJkAG1BJAkLLmsTXbxPkWlcOW8vC1XY0t0DlM9PRpLFeOVqMDee7j+cWasgL0TkldwKzuHHYOe4qw/M0mCL7lcWYpnxeDQEqQt6xSScoW3XYAmnlvlIZUD16jYiW4cuIaLR2eEdbonsoxyZgIjUXa6i3977K4MfDYbX21ZzNOuFC4BrdEM63v0nwr+WaHjKfcIGRGbRoy1ZXdYrfbQAbD0ifXzmL9dgcm1jajrkj/r7o1jtnq4J7uvsrNNobZedxf9rWkdqMPQhRNU8OJWn03UQBcniz5VZkxKw4klvHtBVCq2/slSGAqaCBhtjn6G4FMH4It0SmCCUOLIbJL/Rzvr9404eiTeleYBEHc8THFpC4j5s=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:46,103 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:46,103 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQ582dac0-27e5-490b-bb11-1e3d0ca8f13e|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c8c9685a7fd9d61fcc1fd7368a3c937a|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxtTDhOgebmqczzp+Nf2X/wWv+B9nUf4h32DBDcLcU2DXEdhCy9W0tg0KNvmfGn+gZ/TQPleLNXApJch8z0b82ucHTTBeQf6FICrFI5C3momAyYKdOqAVErUTu62A=|_98e65a80c57b3ee3a763394e942585e9|
2021-09-21 11:01:46,437 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:46,437 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:46,437 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:46,437 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQed33960-4982-47ca-8304-899b82d45e52"
    IsPassive="false" IssueInstant="2021-09-21T11:01:47.108Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQed33960-4982-47ca-8304-899b82d45e52">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>Jy/4Je/R2eq/LUDEICAiiDX3i0UJkTsziu0bZGBO8nA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
cc84sjAfNzSIvI9t9xdb34W4jGlTKGDU3oalsfDGVh5o9gOu0E3kIGc5Y5q41ul2Jjj1JZFaE1KX&#xd;
dqoLb8i4JJ6NYcs0kHQhYo4jatqBPvRXgQAKUlQEYHjzTyxAw1Ttx+zLXdiGLnZW8wFiD2SatvYf&#xd;
LckxV3t4E1ymKhez3HdSxxa5JN0aIrMuugZXD6RDqu7QHppx1rsWE4G4EFcFSbt4FQwdgJLQMI0Q&#xd;
XjBhYK0xuM1rcxlHxRWS82VibKvTnXywTdH0FqBgE5gAnQ38pmkd/FHo61mq2yzv6CaNChgzyEVp&#xd;
8IyzzZWEDs/RvWkYwDxSyprhdt6iE/7IzCt6Xw==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:46,438 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:46,438 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:46,439 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQed33960-4982-47ca-8304-899b82d45e52', issue instant '2021-09-21T11:01:47.108Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,439 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,439 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:46,439 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:46,439 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQed33960-4982-47ca-8304-899b82d45e52"
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQed33960-4982-47ca-8304-899b82d45e52 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQed33960-4982-47ca-8304-899b82d45e52"
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQed33960-4982-47ca-8304-899b82d45e52 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQed33960-4982-47ca-8304-899b82d45e52"
2021-09-21 11:01:46,440 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:46,440 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:46,441 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:46,441 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:46,441 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,442 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:46,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:46,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:46,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:46,442 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:46,442 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,442 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,442 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,442 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:46,443 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:46,443 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:46.443Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:46,443 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:46,444 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:46,444 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,444 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:46.444Z
2021-09-21 11:01:46,444 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,444 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,445 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:46,446 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3f2235c5'
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,447 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@3f2235c5'
2021-09-21 11:01:46,448 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,448 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:46,449 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:46,450 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:46,450 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _045b11728d4e674a4d18c9dfa09228d3
2021-09-21 11:01:46,450 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _045b11728d4e674a4d18c9dfa09228d3 to Response _f8cebd4775cc3c55ce144818b9c69063
2021-09-21 11:01:46,450 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _045b11728d4e674a4d18c9dfa09228d3
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:46,451 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:46,452 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:46,452 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQx8TWI9+2v5eYSE5ap9RrVOTHBMroo+UUZ4vPMNSsAU3gq5H6qtbU8SJCqJZZLNdrDObni6v5n6Crift5JbPdTCb3m6L5ge5C8/1iP0J5JgVALOD/9Vi+ACWpGYds= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQed33960-4982-47ca-8304-899b82d45e52
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:46,452 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _045b11728d4e674a4d18c9dfa09228d3
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _045b11728d4e674a4d18c9dfa09228d3 did not already contain Conditions, one was added
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:46.448Z, to Assertion _045b11728d4e674a4d18c9dfa09228d3
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _045b11728d4e674a4d18c9dfa09228d3 already contained Conditions, nothing was done
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _045b11728d4e674a4d18c9dfa09228d3 already contained Conditions, nothing was done
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:46,453 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _045b11728d4e674a4d18c9dfa09228d3
2021-09-21 11:01:46,454 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,454 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,454 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,454 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,454 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,455 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:46,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxtTDhOgebmqczzp+Nf2X/wWv+B9nUf4h32DBDcLcU2DXEdhCy9W0tg0KNvmfGn+gZ/TQPleLNXApJch8z0b82ucHTTBeQf6FICrFI5C3momAyYKdOqAVErUTu62A=
2021-09-21 11:01:46,455 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx8TWI9+2v5eYSE5ap9RrVOTHBMroo+UUZ4vPMNSsAU3gq5H6qtbU8SJCqJZZLNdrDObni6v5n6Crift5JbPdTCb3m6L5ge5C8/1iP0J5JgVALOD/9Vi+ACWpGYds=
2021-09-21 11:01:46,455 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:46,455 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:46,455 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:46,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_045b11728d4e674a4d18c9dfa09228d3"
2021-09-21 11:01:46,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _045b11728d4e674a4d18c9dfa09228d3 and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_045b11728d4e674a4d18c9dfa09228d3"
2021-09-21 11:01:46,456 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _045b11728d4e674a4d18c9dfa09228d3 and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,458 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f8cebd4775cc3c55ce144818b9c69063"
    InResponseTo="ARQed33960-4982-47ca-8304-899b82d45e52"
    IssueInstant="2021-09-21T11:01:46.448Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_045b11728d4e674a4d18c9dfa09228d3"
        IssueInstant="2021-09-21T11:01:46.448Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_045b11728d4e674a4d18c9dfa09228d3">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>0MZrmXeG1O0LFNrGGCpu3XhGYyTFEeXIBJQLCbkyZXQ=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>el3r3EhHtb+gKJ3kKdyMTF9nW4qSBapITW96+7e8hwDYC7T5a8FJU3c8aXLhzcKcnHzaR4335OQs3wP6F5PJCRjx2P5JOKs8//DJLveCCNrEJ+rSmEjecp+VvCOribCykQpmL6tGqNE3WOJc1NlgVkpHZpFfxO2faaBXj5l2ZEFjoGi1tHguYGIRT3aSt/oxX7dCFJhHqLbBiNA4Xf+oDQsQGI36/m66iCj+pV/lXNdpehJmhjxch5btrDKnbOiawST9WHgjOZsvwDeyFjuxkm5+S+c34Nr2WIQNaS77xiEU8uuHpYz0QhrnUqzgbNr3+maBCJcBtWGsUXBoqVEg0Q==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQx8TWI9+2v5eYSE5ap9RrVOTHBMroo+UUZ4vPMNSsAU3gq5H6qtbU8SJCqJZZLNdrDObni6v5n6Crift5JbPdTCb3m6L5ge5C8/1iP0J5JgVALOD/9Vi+ACWpGYds=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQed33960-4982-47ca-8304-899b82d45e52"
                    NotOnOrAfter="2021-09-21T11:06:46.452Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:46.448Z" NotOnOrAfter="2021-09-21T11:06:46.448Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_4a49efc30c9a3448f31717b26066db26">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:46,460 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,460 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,460 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f8cebd4775cc3c55ce144818b9c69063"
2021-09-21 11:01:46,460 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f8cebd4775cc3c55ce144818b9c69063 and Element was [saml2p:Response: null]
2021-09-21 11:01:46,460 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f8cebd4775cc3c55ce144818b9c69063"
2021-09-21 11:01:46,460 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f8cebd4775cc3c55ce144818b9c69063 and Element was [saml2p:Response: null]
2021-09-21 11:01:46,462 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:46,462 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:46,462 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:46,464 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_f8cebd4775cc3c55ce144818b9c69063"
    InResponseTo="ARQed33960-4982-47ca-8304-899b82d45e52"
    IssueInstant="2021-09-21T11:01:46.448Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f8cebd4775cc3c55ce144818b9c69063">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>/tzNmub8gDd7ACYuPRO//V51LcobEMkK2xd19Uc/WPc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>XqEcRsvYqSks91z3fv0tYXYnI3lPKyy0xXncyIJmUUDZ44ynqUYsKa+08EZJXD+V/HGOKINfyaRE61f8UqsZNDI+dhyuV6bWmgrL3ZtB3IhrqHNKEc81RtMWiNOeGOJXFDWZeREuhHqcvbs8WnvysyHSQRSsrsciYI6IrI8YYFGO4PD6kxCZwd55u+vet03WKCq3NtKcrpnRbvZM1w5qDYZI1cbdpLiYew5vSpfuSjk4VPNvW+NQtfJOz3mP4an372+U4WlmQeAy6vI8d23KPA38shUcM5NfAfq8fOkv+3nVwj0c5bcb01KjCNsExkjo9DhQU40doTLI8ye4mm22Rg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_a401c8dc7030f2f389bd619a75b088be"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_e25da4ca2d77e98c7a6abfc0f5a227d4"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>qfNlUEgaq/2WbNxp7ss4Umu140QsfiJ1AZnsOhpJwE2c0CezOjaqDe35beUka8/ADT5n8wexnyNs1y7SIDN+M2ge431Ssun4u+EKCmO7dfLKOveWeiKRCLEYHYqXp/BeXoL3ddlRDvDY1Ku2J7Be6Wk4P1CkEEHmJTrKBgOtG5eN/YABpMsZOZxA9nAUXpbRfIX+L3bAEqnSmCK3JooVgJ3KFpOn1bAqZ90ZH+keC0TBN18CCjngZFuIX8128XrORn4wNokIzNc7ek5YLBpTx3BH7LWRBN3X7HBgBM2kiuKGVGAmR21NLkmm40goYknOBKddJzmm+T6oi+XP5FmfzA==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>wgOfflv/NwaadAkoh+ykGhthQJefk3OegaQ64rJpTddtTJUleKWNzplyQlFmI66qaowY4qCfvRND7FqXZhlNGxGBXAgR0E04zIK9s5hkhTMuIxpenzhs8MYPQIYulHBnIqkLhbq6DFBe6I4CyAmvpGmKdf8qhvIrrO7VeV++0DolzfymByMK4jZTOAanEKIFD943JdgMFNGXa15qdciuGdApcd0tvVAjDXm7p5vRY3nY4M67eDCWWUzEHal3sElqsUc5yUopV9/RDWilZ/IDhhEble347ST8SHrt5YQ/5bUnxEMhcVasaBbGJkNbr+dTXIq/vRU7KkG31oCR/Kr+VUEpWqrIy6F+n/QnM9YCiOpcVaa2oieUYfhpmSLkM9nT9mK/eSkYM7MtvA53V4USP1CQUaKzuCPIeBpFXai1sdwaBtGO0uYdCGLwZ06QqD9/bFZGw9ymDzOIs/IRHsmrcfzgkxClc+HBiItKODbJWJLsi91sUN5TM++eYB+eKhdiolzelx8s4YLJE9baPcmwpN3db+fjyXASeybKNfV8BaoHs63Fw2jkJTV8qM3hkCzHf7JnPwrPCYZLK6F9W/CFRQRH7Wlu45eAJHGDtuBV9+RCqGogudLFyiYzq53sTLRwqc7TagKKVsrLPsKeDkEVJLcqQx5v6+kiavdnBrPf//RIRCYTbUv8VOrMl3yrk7gH7wFFOC2jRoZ9t15YrReqhi4iZgMqRa/7or+ZgpIANdbt4D3hEZ7QjygEAu7fPuYk0HMlRk4+EnH3Imc0obmkMF1jTr8vrBp0xeNP2U9ZnjscwFprG6o4rFE9qDg5Q2jte22H+K1+h8esJuRSRlwBMV1x3vj7Jkcwc9geWZ3pnvu7Ffcd2ydVy4tK4G1K4PkhRNrLBdEBNN5gUw5+1rkkSq6VBuOzzn0BKF+FeNHIuH+RSY12jWLcsu9BtUKSEae/w3d/8VjZmsIw0+5j88/UWZuWSqvl+sQXEFqxGx1kHN4Qihv/nrW1CNCjl539Y5i5I7v7cho04uZYauogvDquJMasGaeqcRcgU3o7A4oLjmUHwh0SdPf6WKTCU3FLg3lMB3Fa+mtxvR8gRCw8vJIxMA8BHwfjtfoG2pchVw7dzVzJnTgMC0GhXQTry7RGOEswcoXzIp6fMvGgODCJXeQBnDpiRkrXDIUwkF+a9DOKB6b84wBt1TqDxrnYZe1GAXpHY5PT6978CEtSwl6OuvRkjgMfo03lQsDnckoL7O5LLzszDUl2a7C+0CpL3vdFIflKFKatvOUoe9BQ/LhUnO23uPTB/7v3wUEFtEjWscCdhvguEd/9zYmIhZzX/o/K5/ohS/uJD2Mg3WbHKo5Lxdurl6mlFrYE82Rl7o1K8sFMeQJQMgNHUIsES4zDDXjx2TABYbOLHpAuIqLJKk1K5w5jzefEzFC4x82kpJ3Zr+iIGvWG0/xmqfpYm/CX1gja50NC0p9YMS6COzeIdrA2NUh/736W8ZJQaoXrFzzNrWphzH43EFxJ1zy7ho2vkVVf/S/SjptpfzmlprUOGhmJtzHu5eGuPiG2bzycTjC7ZZFOzT4t81URjwjFKTWNnpKP082lIShhFsbz/hGFi3V8v/u+/kwCrhqOISLlJkIxNg4Rtsaawz8xLa9tLmBj7njFhE351LB1TNdX6zA4CV7bI+QAsDW2NPOxldTApB1tnD67KLJ/96QxFjlotLHERF1LGOVYb0Z3FnAEP78ZMsyKGOOFAPNqLcNopK8LqDFKSikYM/DLAx47JW+9+bHvsAhI0bWcMENniDQGYpvMwcv6XvL3I0CWwNgljWfORNy+RbMRTXcF2flGB7rrZHzV7oefkA/H8w4iQaugov2OlUuK7ET3Bjwh1tLEc3JzotnMN+RGy28zU5Xj5c+vrLtDvXFPkaL9k0v+MyTuiSTyK710rHPQYG+Bxz+wIRwebgK4UThSq+I6qDEQv4tEOMJcScFelkPm+0e+rx4a46dl4PC+HmgRWiR51B+BdpJ+gKorhbZdJZT1+lruNjSW32DO1TX+3mIyENGZcKOeBr6DegL/rcaYF5pmbRl4+k78CliySEZf3OgtBukqAsxSQaQY009ClScqG75M8eQ612NH8GbwnOIyg1h7n2lm0X9tONg42Q8QtmR7+1PuDzFGOWGA7GusZoRG8XqSD4FzO6lfdxudGOl6f26cOq6pvrcnQEGPgVTbtiny1GmDf7xdM/u7FG3EeeivMKkzi7Z6tUU5jGNTvRoshDcJs2M+fTjTx5CifmYe5zjsfdd8e/yLhWlDW/T5w9bfFsC1Q/6ypH6Sm2F9a/nwK/80zJH7Vm2xAO+i/NNBQOAAovtxOnhGjXWX4GE+XgQ9A7ORSbBGyNTg0DE1logJe89troEZCS5TgCQPMjsf+KImkDIOvurgFUTjihuGMpsjbfjqKQb2kDN2dEuxtyIAEDQqfy4UduoyqweyuO12KDvmCVhTfDyYQGbWXYQRhClt/U75+GDuxdqpGF6oVnPe2L1fMA5XlqRXKecdTIT3XL3u2ywnaKV+9nSW22KrNqusAUCXFTKq8ox5BHzivJYlhdj2qRBEFMs747EVgwsPtT6liyiKAEq0/e49lukzPY6HuHazXezUDmWw58x2CqjozjJ8JolS1dL7uaW8w3j37vJFJDk1Vm6bMrtW2TpweYsZ/KE0te3GzkXhOkhlPzbXLjGfum42D+5/yi+ojIc4xSprFEmQBsYdAD01yXLe4Z7IwJqM62TjWunXbt9jTiXM1eqFEzB8e6EkKB7Eu6dN54qk6sN4Bwb73ZUBNHIEXl9nL3v4hhwTQAvj5AJIoekJA9xxvQTkvKDrLDWatthv/K3sIAfCyt2hPx2R5OVNx3O9jI8twWtJ6I+zG48s4h6RJx0cMxE5l/E6XOfvH61deb/wIZFOHijNaHtBKiZvGnykhS36fna6yxnj+FbiRbEqCvEH+vPXXfq7dllpkhgT2T14ZsL1BToTr2ZzefOaw/ds+3Z6g/KsvFTbkMkvfZ8LSnLuA4UtRr7TeOUW6FngtZWWxe4gXbNHcw4V6NDPDFENrpD2klYWAddHZrsj4HosYVqwXhRyiyxmG2e5OIRG4Q+5JpFd9ml7E1aU6ZPNoikdx9l1Hsi9Z25nkSkrgc39APyKrnXP8LpTZbqYgRqUO8FKaiLwIwjOU1PhAOGegRIRXin/LaWa5yJIGSnzRvgdkKQp1o66CVA82k4n7js3c1r1rCyDhoIKyG3Q3EoR2ao+80+k+8CDO87kBx3oF2iEzSie7EGfptsKZd+Xi1E1JWmFKODkPbv3yJ4u8pATQ/THS+ZytadQfCOyWwRUiwh0Z5aOhTunCiZhGRiMp5U4ARsSFBAT3ATKIeDMUw77ET03HR6YWYGgZdflwJ0+JyQUK+vr+PhLTeCPcnOcclqbhikioJLa3Yq/jkeBCy5beLcqCv5mh0qHB3I3L9gsiTttcvOw0ve2rd+77MYdWOhiRLacGBWSS/dvHy1KZ4GeODodzkzWWLJCN5eGWjOulTeXT0Cqeb19Qaw9QH+OhL+RHR3V1vI3Gwv6AXANAHolOMyv7RuLJOZT0MHcBJezhJ5Du37uvA7R3QOYAv94CMNnRr51fgTF9FZDnc7kputaTeBUh4Q/Uygf0vcLDVVdOFIOHJ22XmUkZLliEaULxLuV4Dd7awcF+fOGxr6/7KJYiNG3kSCDSAULSoVD4S691C0nSmYRABD5aTD3FnU4IYij9VekHlj27eWIhmk3kN2qeBfuY23j32fEkGBmB33Ad/g7/0ivomjwdWB/HYGnvKE6G+Z11SdNKOsSDOHGc4pCUXCC3RjftkGhvaeea++ZBNaJHV+cuDr/pq+1pC+nfMJUUzWCoRVOgqXJp9tED2IIbOrCr8c4mha7U196O5XSS3RNeiLU/j7/SV/XJVoXibvkFcxLjMELxauLG4bQZN6DfT2UR9qlbeHaB59JTrsWq0HbrnnyGNw2cTYqhfxrbaOUkM6oQvijCM71+yJgNJqnX9dcTqfthWZK+nHGDUUi9p9jNuGmTkHf5zWzf9JtYXz9WgQE7CV3PirKyOLpzjLQO/iY8e+6FWQIlC6BEnqDM1pJV6bQoflcpMIWkEWMC8WO80fDNX/tez9iRkNDWT3X/Fvs/SCw53jwU/3dzBSHl54pDWmH+2mH718rNyD8vFq/W59Zl9b6ZLJa1vaXnqvzHQoBni7gWXryKerDtkNaAepJRSLXgLr3hQj4f1L2avJvao+tn1nGR5XmXK4qdaZ3BClSSSY6yFPSkl8u/M1bnGpBOKUtFL4menny/dx8y5wj3qnxyKu7z6zMpx80CucobcN9TYgn0mjLqGMv+BqahOtKXlF8DRnd71LhZcmFn/x7ckZHzb+ZOCVEK6BCDuaCc6e4VQUlNiDzTmDQSk1UlcY1hKR+t7l4W3x6rZj4Afr8Ob5bbjf5ZgzO10Ssdf7qVjz3HJxL529/jn4oxRcnbzfXOBwuBLo+Or3I03QrdVSToyXVZuZRTQ43ECaJ0FyTBus9bHVuf0he8sU/x9gjKfbCrbgyKn7CCuiPw1OpIvw02oM7nfN5oDbTPEukTovGNzSdKfe6kH1zeh5LAvpGOhlK2rl+tfXTnodDdkyPJs6xVkuWFO68AXo+zDA6wOO1W8okRFG6c3YkDN26RBksK2GK/LOz2dAYDV1GBbHGXfDuYli4owJE8vxKwf+G5Csy9JUoGm1x/TYwCuhhZusiPp40c4WpEMqe0SW56lnlVZQDn55emurs/fE6lCUIXByu2QaQ1h1lUsAfw7cpy6Vffszk/twKwl/XSaIX1Q+zpm6iEv7rWZLgiu/aAJOtqtCkW8KJsyXN0LBwnJdf0KBM1OUMsfo6U1n2pit9IpJnir+hCw/SsU43QdkmsQVtiqxVyRBIpO0nL2SJJvYTGiSZXXr/5eAs2oz1GJQe5gdi1Qlg5FBZUcXay2UYeT64AWWkp5HLZzxaNqfGdSfQt1GWa8UIN0ix4zNB7YiYeK/hcIdTYB1mrnrv2OScquLxowWCFmKJN6ZMbgsZ7WkI8hatxtnYba81fHvuxw9F/uC5VeIPfSHTtQgw7qK8USO01SIld7BzIpY7D4F/vNgfEQunR/CGftCWZhmS2EdfIdZA/FKsFLo19xeSfi4bv+K5pPp2yBdBeZSLNL15TqxhHJ2og1jJF+//FlsbiHsLLvWBetli86EaNZAQAIPn9fQQ1tFOZlrpL5wl+GKySw8kbB2LJthxXw1GgZyOVN2iDhKYHh9jcHk0x1tWavC6MbkiepMnxxxOkWhdQ85kFeNqErweIHW/lnXOXE8n7HbNyaeNT0bJKMEaNxakcdmrVhlCLAIsdlyDTsLQw5nyNqTAIHh7t9jNVp94bZg/3EqBN4rfQpnmYodWzLVbl5nH0Ns3EyUtfIfWhuzrKmpuS48wT4tDO/4P9CEJhYuBX/TMRAcCUB4l7EbCX2If1F83ebLP+DnEG6o8ck6cd+mF9rM7CwltYLWm0Of4NwON7k3j27iwx44khjYRpXWlI2IfPOp58paJBdxXc6Er5oYZEIx6UdDVpEdwmP8abUw8j4Pr5d/5ent6lDjVPgmtTNeNg1oltoOwWw92XCqvu3lepIpiqW59GROk0FsggVI/2LM/D3NB9Yn+TtM9dK+VHC3atisWdFKaOjmZElejiSyVkkrRsTr9yQ04KjtebEx68BdHSxnNUflZOtbVuzsPfQ2EJUiHjTBfkhu16JyQoHcnvOfd0zzlofaZTIbYS1T16hg8SQKXMWXwKb0x9zMsA4u02ZEJZ12zRPsZyYHMFLQx/KqSgtupDjWot9qoyaDdPvTaITykaqUgBsdOpyjpsRK957TNX4sZUe23XMbiPFX0fn8A4A4XN3WFLaTiY4OCqrQJjTXbmwi7TP/8x/Xq3ZUNQlYYTNBHsCsuGnsG7y/UD6Vp3K65knnzQ9D5XgItledDPy8+A8+1TskGFAEppVrtFqvKCsKC0REt9228PgK8I33UCLDG5VTAeIUR1Zvslx+MulfwoPAnLQHS3VPDJEyrkk7/S6pZjUNCIrxoi//fo3AP0iVeeF74fToEIs2+1N7/H0C0B9vsKdw0SirJyKWb7UZJ8wXz0w9yCjNfJOwV/0HWqT5AzizLfpbqfrJjwCXUgqHYODSMGYlCMk08BxFMtug29iaOGrbpz+DyxiQ+sPe38ff+K49unGSfG0PqofpBPtzbwkUqCXpKDnQGKvaeMKqO3dQc0uWHaZY0eEDpfvc5kGgD0za28tQw6lPFcPyghW/CwzrvHqkyXaVS3mcb4FCwNsdNvE74izvzInX932WEpWnfW+VPjztMPv8CYBk58KGIPI6SM8Aubzoh0KZR/9d26OXMRtvHjuZugX1noqQprfYtafCFJEIgI1Gc9r2ucfcjRWvEPXqgxy8Tvft1vgLY1PvjjZQPnDUPQ7+hdPhEMQ+ovqiAFflVNdBAL8XWnWV8vkTjXNmXap7JHyqbLwbx7NfLj5fW4LRk4MiCbpFjisOpy8ag8LzIqVHv/rsbmL+weux4yAiFHasz5Ea8oosm3MsJpuq9CFGbShk2VNljG3jAGFe6iY7uNhJqDCY9LQcDzBPLykXqDXCIQdcGAUeXolO7Mi9bLaz01S6lcJiJ+KjayYr+o7lQZGrtiJfnPQabvBf53nj5JISaN68clDnzK0Vj9b70VA4OZRIO/gZyYIvyyurVRTTaQ6/ZJ6v8IMdq4rONWugLEqL8jJHOM2LpBXejglehZuTEcrfTK3Wou3aR9OX0aUBii09ML/+wluIG+QmKLF50bMJ7UjROUN69KRDgkJtU2HBTsKys9L7AlAZw3N8V/GB96nnYBhWK3kFAlQfIFRHyIYHIsEcoelZMiki+UBJk1p9hJ3Yv60DkeBFN6OOron0ESS6mnQcpJZI4NtXEQbVCIEKk20MEe78dIIF8R7LGGvMAV94Q/eytOX01DI9lL7P4J2HXhNPKrpOiPR7HhL7aFTZrqHY++DFfKMJKpKuzQiEpfnQJbTi7nR4bxor2xTvztVC0HFeD6LHezsVUzs9gxZkI2N2QLyRhd8+QsCupwUTwpjwY1cV+uG90DtRrK1cNxjxfNum17asC2IA+fliwUQnsaVp3a9X0yGHgQOTgnGik/0VGgGRmLkGejknK0/dVKV7+A17VmKN3ZO5So76diyuLZQ4rnwcSDZ9GlGplhyt+zlh4fkqi2DZlLHYwCiCYuX/JRwaKujApF77QgzWAKxZHEsbVzbEvtISjHfEMRM7wcP/TiS3BkUaFRzTG94/58T+DH0AnE6vfQKpf8mlTEqF6Wu2VR+YlJaiKKwgficrCRfMBFyUCXVT2KaaaBOGuGbqyWzNrQcGMjjMnZaYeNdFXYboNqq+sysWfb8TKKdLgpjfAwFazJdezaQKOVmpu6ZsC06VQgrEuaN49hprN49ZaWdezGUmCWgL3kCxDXnDoJcz83JH+Jy8/K1d3be3jnynDNAkc6mSKgvFwmnZhx84/7MRS3a1llB1IMEYaRPq3p2BGdN27vpw5LcksHKBupSgiow2enlopTQMKTt2LtzSiRj6F4UT/bI4kdKmlnqevaG+1tbVTEP6669Lu6BflCWg5LfZlxNrBxFvbL30c/m27evYTwlKhw6wknhBh23nWIJmHIhMUKVCoKiCbZ03Pl6qW2eMWyC8j1wG7hE/awsbysNZiF5fxTU7+rAu8mszcFoB68TMekla6hN4ryl589PlP6spFDZwNBUjXhHW8XYDnsYiD9f0MA0eYoRlb9m5kjIqCeAW1cH9rVPE1uu/HcGWJT+07OOy6wlzoBbA7NLyhnfQb+/vxGeBIbiW/B9LHatzYNPdJxsvAL/61BviUvALp8dUZFJoDVWrT2N9yslKeQ6Nk7hN5SCs+6WTQKNSJsrnsjMvx9BZCju87bhjutjZBJzCyFMokyaNpHnm0aGfWBwCglJHzlABg4F5+lZapydD8Z7Giq8gkHCOs6uXwc3oln5vu0UGOrar1HWDNC8p2Bl6t3jr8MD1c5nLbhxbbvTZRBtNVjoLf1WpL0lHLVrwkjT++lreKmm+oCu7QXBHDDOjjVQFZ6FWogdNqxZhqqKfqECrzVFeTkujUDdlw5eHRKeJ1wUv2kN9nINfEggpns0ucpgcxGnvnO3IUi5OY8o12Kdx/zHbVNJJjN91R4PL3CcOEcNU7vD5XksrUliXvBSuo2q9S6KpZjlJWCHTWsQ5N+0w9WdV45OQugT4VGaDG1afbA66056C0wKo=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:46,464 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:46,464 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQed33960-4982-47ca-8304-899b82d45e52|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_f8cebd4775cc3c55ce144818b9c69063|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQx8TWI9+2v5eYSE5ap9RrVOTHBMroo+UUZ4vPMNSsAU3gq5H6qtbU8SJCqJZZLNdrDObni6v5n6Crift5JbPdTCb3m6L5ge5C8/1iP0J5JgVALOD/9Vi+ACWpGYds=|_045b11728d4e674a4d18c9dfa09228d3|
2021-09-21 11:01:46,824 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:46,824 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:46,824 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:46,824 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQdd38608-1066-4dce-ae07-6009715b0d6f"
    IsPassive="false" IssueInstant="2021-09-21T11:01:47.482Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQdd38608-1066-4dce-ae07-6009715b0d6f">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>sUFsjy2sTwLcUvlcgK4RXNGSLxUlgESP4YwiQ/SoLFQ=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
fOIn72JWGVeI+OEsD1Vx9GwjPxZVtSccD7IskILwDfud3x8PKWnuULqBoisBgg6FttxqhI86ijJL&#xd;
uxRwil1oto6/+VMVLPtyNnWFuNYfk5icrm3nsSsNeM22ZWZsilKyiBeldj1+cRMwUizu4873Mqcq&#xd;
bGiX1v6l8czoWjVmGaBulSavVXv1lgGelC3r1cJjpLtWFdWJ0N+FWQzLTcUsGEHapGnhE1sXt68q&#xd;
hGqVjgwhmepLb7NQoz5zmk1WW1XuDjG7wIjhA4vs+OTODx5UfpVd4CplQZO+WgFY5Pn5KW4201U7&#xd;
vXRLPPUEONHsMiAPlwzLWniPH2ZQO8v2GLs6hA==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:46,825 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:46,825 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:46,825 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQdd38608-1066-4dce-ae07-6009715b0d6f', issue instant '2021-09-21T11:01:47.482Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:46,826 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,826 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:46,826 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:46,826 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:46,826 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:46,826 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQdd38608-1066-4dce-ae07-6009715b0d6f"
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQdd38608-1066-4dce-ae07-6009715b0d6f and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQdd38608-1066-4dce-ae07-6009715b0d6f"
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQdd38608-1066-4dce-ae07-6009715b0d6f and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQdd38608-1066-4dce-ae07-6009715b0d6f"
2021-09-21 11:01:46,827 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:46,827 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:46,827 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,827 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,828 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:46,828 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:46,829 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:46.830Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:46.830Z
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,830 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,831 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:46,832 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6062e49f'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:46,833 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:46,834 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@6062e49f'
2021-09-21 11:01:46,834 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:46,834 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:46,835 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:46,835 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:46,835 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b
2021-09-21 11:01:46,835 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b to Response _c6832283e33675bded6b8081d143b59e
2021-09-21 11:01:46,835 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:46,836 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:46,837 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:46,837 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxtK54O/GRnKTHni6KWgmoKWYglRmvlluN2yJEe2Rovb4aKmMRYvRAB78ODUaKWUBPpxtk8fPd6vleYVHBIdxJXdOQI6iWCyrMQ3JsU5XVeiuLgQrM1hmwyTYROhM= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQdd38608-1066-4dce-ae07-6009715b0d6f
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b
2021-09-21 11:01:46,837 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b did not already contain Conditions, one was added
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:46.834Z, to Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b already contained Conditions, nothing was done
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b already contained Conditions, nothing was done
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:46,838 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _94afe0c1c6c37e2b2ae53c5cb4b3fe3b
2021-09-21 11:01:46,844 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,844 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,844 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQx8TWI9+2v5eYSE5ap9RrVOTHBMroo+UUZ4vPMNSsAU3gq5H6qtbU8SJCqJZZLNdrDObni6v5n6Crift5JbPdTCb3m6L5ge5C8/1iP0J5JgVALOD/9Vi+ACWpGYds=
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxtK54O/GRnKTHni6KWgmoKWYglRmvlluN2yJEe2Rovb4aKmMRYvRAB78ODUaKWUBPpxtk8fPd6vleYVHBIdxJXdOQI6iWCyrMQ3JsU5XVeiuLgQrM1hmwyTYROhM=
2021-09-21 11:01:46,845 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:46,846 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:46,846 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:46,846 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94afe0c1c6c37e2b2ae53c5cb4b3fe3b"
2021-09-21 11:01:46,846 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94afe0c1c6c37e2b2ae53c5cb4b3fe3b and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,846 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_94afe0c1c6c37e2b2ae53c5cb4b3fe3b"
2021-09-21 11:01:46,846 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _94afe0c1c6c37e2b2ae53c5cb4b3fe3b and Element was [saml2:Assertion: null]
2021-09-21 11:01:46,849 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_c6832283e33675bded6b8081d143b59e"
    InResponseTo="ARQdd38608-1066-4dce-ae07-6009715b0d6f"
    IssueInstant="2021-09-21T11:01:46.834Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_94afe0c1c6c37e2b2ae53c5cb4b3fe3b"
        IssueInstant="2021-09-21T11:01:46.834Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_94afe0c1c6c37e2b2ae53c5cb4b3fe3b">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>RzaN2BuZ2UkSXHiqv6KubXiKsuipL8Tl7jWPIq/22UY=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>qg5ku9Q7goK+bfzl8buLzUSAxLDcpplHdqjVNakK9IbhYnmVi7bbYuTNiIo05AUHnt3ONgVQQbbxV6/sP+CbYE6aCriXnPnfB6ImKFBLgwpEpxAWy31a5LJHlLIq89Ip/wRwd/OIo1kQkBKOctJoaow96azu0Ie9R4vEzaEllog9X1bkFZ5PHcvpM50nnhSrIQNPFecds/GB4v/r7eKtVWNz8AblIYjtGu/54CNaqWRuLdD79HREPCCX4NCJE5CmnnJDvwd0y42PstkemmEOFfb3+o2Eyk23+mDYupJ0i2WBYJm4yoHNCUkOe8Njs29jmLnzeEbda74feegnGXP8cg==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxtK54O/GRnKTHni6KWgmoKWYglRmvlluN2yJEe2Rovb4aKmMRYvRAB78ODUaKWUBPpxtk8fPd6vleYVHBIdxJXdOQI6iWCyrMQ3JsU5XVeiuLgQrM1hmwyTYROhM=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQdd38608-1066-4dce-ae07-6009715b0d6f"
                    NotOnOrAfter="2021-09-21T11:06:46.837Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:46.834Z" NotOnOrAfter="2021-09-21T11:06:46.834Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_cfe3a1d69ae94f73610287e96a27f232">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:46,851 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,851 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:46,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6832283e33675bded6b8081d143b59e"
2021-09-21 11:01:46,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6832283e33675bded6b8081d143b59e and Element was [saml2p:Response: null]
2021-09-21 11:01:46,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_c6832283e33675bded6b8081d143b59e"
2021-09-21 11:01:46,851 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _c6832283e33675bded6b8081d143b59e and Element was [saml2p:Response: null]
2021-09-21 11:01:46,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:46,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:46,853 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:46,854 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_c6832283e33675bded6b8081d143b59e"
    InResponseTo="ARQdd38608-1066-4dce-ae07-6009715b0d6f"
    IssueInstant="2021-09-21T11:01:46.834Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_c6832283e33675bded6b8081d143b59e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>gqW8BKbQHPsVh7ltNFuoLNUpWeoWqe1TOSTkZhDoo8k=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>GbcMfeb02xjXut0+dF+bO54dzCrqPN5rWE0ZvPn4TUCVyAd/JfsWNfgyMRFnQIeGzqD30v9O/sEnQdQZh/gcHK4wVEvfRCKHfZapev8Fn+Nt9nz5sTgpMW5lHsj5LvorenOZz61lODBlmX0EirtbtRG4YJA16weqLizWu9ovJVOB3PgOl06Y7omDfmL0Y6bQ7bLJFrgg5q9bk8T2XheRLqyd/2dcsWtNkHmjLyVctFbg/DfYp7q2uf0di4pfnSeK9DC0kPJvw22Pk/6WY34QaB10vjizRW82fc/zXzNhnnQ+gabPcC0zpmmfEpEM8NQZPS3P8N0l9q5qw/Wxkn099g==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
    <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
        <xenc:EncryptedData Id="_ee80a3e94e26e1e40f148e0f1ed2d8bb"
            Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
            <xenc:EncryptionMethod
                Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/>
            <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
                <xenc:EncryptedKey
                    Id="_aa14dac71d1e5258d43c7555273ce437"
                    Recipient="https://localhost:8443/sp" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                    <xenc:EncryptionMethod
                        Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <ds:DigestMethod
                            Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
                    </xenc:EncryptionMethod>
                    <ds:KeyInfo>
                        <ds:X509Data>
                            <ds:X509Certificate>MIIGZzCCBU+gAwIBAgIQA7pum5sBf+f2gFpk67Kr7zANBgkqhkiG9w0BAQsFADBcMQswCQYDVQQG
EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMRsw
GQYDVQQDExJUaGF3dGUgUlNBIENBIDIwMTgwHhcNMjAwMjIxMDAwMDAwWhcNMjIwMjIwMTIwMDAw
WjBoMQswCQYDVQQGEwJGSTEOMAwGA1UEBxMFRXNwb28xFjAUBgNVBAoTDVRpZXRvRVZSWSBPeWox
FjAUBgNVBAsTDVRpZXRvRVZSWSBPeWoxGTAXBgNVBAMMECoudGVzdC51bS1wbG0uZmkwggEiMA0G
CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCxDY3bHloQX+sPimBw8ga1pYEAi++mr8B5tZyUAqaz
U/bFoBvwWUDS0zISh6ptSRlk0p2yWOqyF285qT9inLNnJTr1Le+7J4C2nCTMXmqpBicMzNuwpXZX
nY6N8MYc0dj3loZ8mdI+Xy1XLoIKkqN/qCXO39DpAx8ce1bCryF/al4IJwROyo9P6Ea9Z0tnaXoL
+Y6YMyEmqNdLyqysMes2SU8J3S8EH0CuEaC3ijqBj+DhmMmqnlPtCqKeYDD1zJ7Co5oVCp7b7/mB
aAlQAe0ud5W2Er3qkEmG/RRnoGDgEhp8kDasuT9pc/8ZY/XESDrQ42AOsag3N/kdSmCnjKxvAgMB
AAGjggMXMIIDEzAfBgNVHSMEGDAWgBSjyF5lVOUweMEF6gcKalnMuf7eWjAdBgNVHQ4EFgQUc4y4
HtbPSnEmIlL+/wYLD5tABHQwGwYDVR0RBBQwEoIQKi50ZXN0LnVtLXBsbS5maTAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDoGA1UdHwQzMDEwL6AtoCuGKWh0
dHA6Ly9jZHAudGhhd3RlLmNvbS9UaGF3dGVSU0FDQTIwMTguY3JsMEwGA1UdIARFMEMwNwYJYIZI
AYb9bAEBMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EM
AQICMG8GCCsGAQUFBwEBBGMwYTAkBggrBgEFBQcwAYYYaHR0cDovL3N0YXR1cy50aGF3dGUuY29t
MDkGCCsGAQUFBzAChi1odHRwOi8vY2FjZXJ0cy50aGF3dGUuY29tL1RoYXd0ZVJTQUNBMjAxOC5j
cnQwCQYDVR0TBAIwADCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHUAu9nfvB+KcbWTlCOXqpJ7
RzhXlQqrUugakJZkNo4e0YUAAAFwZv/VvQAABAMARjBEAiA1+qyGHajzXMD4H2p5Q++q6fagsdhw
TFaRUMM0+0n3XgIgF0GKaRJCzgJv1kIglfnjYueez/1dasA1kgSg5xOhFoYAdwAiRUUHWVUkVpY/
oS/x922G4CMmY63AS39dxoNcbuIPAgAAAXBm/9XuAAAEAwBIMEYCIQCmCRtb4B098rTtl13QP2/5
uso6+CcDPNkA4Zl8n9h/CQIhALXkryt7x8su1V2kwWHLDjjLfxBrS4U47Eg2dgMwWunRAHUAUaOw
9f0BeZxWbbg3eI8MpHrMGyfL956IQpoN/tSLBeUAAAFwZv/WEAAABAMARjBEAiATOKUegzk8SODx
lrmNRVahPdA1EMDzbMIFyHCxrDDcZQIgGcxiJGg9cT8Id0cq/C8jbqGra+h1eHepKIkb4AMM7Yow
DQYJKoZIhvcNAQELBQADggEBABWgtiRWchKR345D5E2DbzsXwWq7NN7p3B5lIlpE2yUgzsaM1ygF
pFHrLSX58/tw10grqJlXb2XQO9p0LW9c8jtDcJmAQJ3IsnbNFWZWOijLORlXNRVERHLHaTo1F6bN
m07PmOhQzzE2jzdwRon+SHc3/MCCyyjTB8OYB9SWPg5Wz6/JVgPi7lPZR1ZIUGci+lOc4rdrzozQ
C4HLmoKb0krVKWvlQRfFjWj/tBI5bbVNacVoPX2d9XLskNS1fAl+Gjnt1H3TYkkG7PlQhJgDJTe/
E8Opq49jrumhUJ1zSOjPpC846S4vQ5RiCcgHu/9JtyKZHGuNNs3GqRS1hNur6rI=</ds:X509Certificate>
                        </ds:X509Data>
                    </ds:KeyInfo>
                    <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                        <xenc:CipherValue>fWq7la1PL/cG3HE1ZVm3W3/RsqNlabFKEpCd2FJD5dscBW6GGPK46G9FJm6GAuu4e/fmh22lriMJWmOKBS9vp4QF4Xub5OOIdcOYL21dmbUs+gViQeNIVAEeXoHnCxO7QV+0iRnyPNzuCugPVy4pTcSSfUsUgAtYhm7MDuIb61yQqIQ8U43wvJxR/bJTObiVjAaus8xIVXH7laszlMk+m0gzf6LwfIjWdxeC/GJIRFvrkEHThYAr1TpMQnyboMs1/t/GSyALB3KZ3utm9mhUhV2uxoPjBDZMA17zGa8HOxaU2jvPfTEouJtOpFmMpNFmFB0UIwLyLUZ7mK6rF4gLcQ==</xenc:CipherValue>
                    </xenc:CipherData>
                </xenc:EncryptedKey>
            </ds:KeyInfo>
            <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
                <xenc:CipherValue>35OZO/jo7zOu1zrOIa7ihyUyqul3afbZprEXDgFIevaYmz4WOn974RBEhxzj7NX45VKLNVhVwD1k9UtTk0HESFU/8/5qED/vksDWj7wiBifckCuLVAvw1hSEbIYBD2VUjr8BQvx+uP65zrPBFv5SL7ARsoZ6/pecv8M9HWfyuynEGzuLF9c3S0ara2QG3s7YCEHbnYzeUmgayvdGC4qYxCuTLrd0dnFvCiz4R2s89I+4WZB+A1qtZ7OUn4ZhyOMoGRbyCrcH3UOJsWxmIq1eNMO3s+X6YhTh6qi/qm5yHwvkeZvzGt8Cr6/Sh1JcUv5jBQag2BUMyqNCjLaZo26XWdQJQJxgzmxjX0wjCbqy5qeqTia3XMshw6imXK4FOYa+1JjotM6PLaIvHlOv09us3rVsgpuNyUetfQ5Ovjwnpm/jOtKQE9bymGD//kR/hu3+ZVszIBzq3fEgjIlijT/tjCdpUHfTBpEswFV/vE/1aiyXjl5/rHJEugN4gzLDEUlt1rtZqgBoeWxso0iTNCWIIy+Ry3i+xHkJr4ZvFSZSiO8/xGbJSHSmmOpcUijejZa99tOaZ5yhaTKKRxVln29VDw6vQNVNnaOWod6m3SVRzJAt5ku6EwJLImy15vA5ViXqI2CjRTwqOvjMPRML0YAvSf9WVVtbeZcBh3ZMchzkw87qRDsAvOMDCHvawppr1Uuio/8F1rzurZhYKirV8XUc8zDboH591zM8eOzUW9PKh4SI9KtvRgr4bFTLK4ZVpJRBsPQDOauNrsnhp0z/23xmeGfQzmL/qivIBCRVMXacxwe5krWX7tmXDy2YmCEBa3YIdyn9BU29yK0wZZ/NxwB6MTg1o7Of9MKekK3H09T5xG8C5uWoJ9qcsmmPzTZiMlwAU6DLt9ZcE1DUCQMlIJzogLf9jUnDo2EouJjO/QaRVrq7F+V+EIbEAnpo/zwogFY7xV/8lHdmPSZ66A9wyjkhqS/V3EwU3aeFWPmdo2yidtJt+URnwkCzx7akHZqMGL05jcTu+pBr8cpISxkDe2fwmSPWsozngnb0INMzuB96yrJpP6qEqU8Hz8pHrcx10ZI17vYykqHIw3P1UsFHGZFHU1pctRjvxVfk9iyMouxn5RSo8LkfSMtH6u7cDh0N6c+9y37iZ9e9qfwLJ0rWTRR5BThQ5Hs5jiI6PARfG9CXFNhhcfS3wjqNp6edaXiQhyfKYYLdYMRom1lllkCcJ+Bfqv9qVWxWsoE3EcYCsDD913PJ1Y23OP2yyanvRdc8uGNpHZTVRYBDtipBjyZVswDZXvrgzmbYaO5mFBCxvmAuot2+hm2lQgnWMo2oZNy1S1lG7vY6EZCRtj14/qr7cJXN08YAzdFtpNcR/ZNwQiEiK+SjgCKNtpZh4LVifFkRc/KczzB96n6LqyHS7din4Arz3CogpOZn9t827G/ZczasSg2bpDnMUGPyAgNlknE5x0STHuj1ft2de1iNZDNE4XTYK47SXYbbfZcYn+/AKjFKsrzdM4RyodD/Mp0PL+aeHSwloCJaqAXIttFSryiY2Dv1pesSCY9n9kR7ceykTExrKwnebreJrk7oPyv0atS6NATonWc2f7RE9OctO2HrIvNQPiOJdRAyoQxuglb0CFfz/qojgQU/gwedtWFNNuPwiPJf/tHudbyYv8M1vMNknmhupf5LbkmUW/D6NEq/jO0Oa3qd0g4ywAEdnlif5dT+NuCfHXm157Il1SLkrVXBEk68+XpLKnPoOQU9LYlHh4vNt/plYiySab9mqLABvhXt7sKZIYsmTs2wBp4XcVPk7o7n5+2qRxkTia7l6+UjngRC/GeM9fWTJVkjHLyVWbAV+B5dEbiLzqTSQWwvrE5KzaEBmpya/CitTjnH7HkZtmbI8aADcpcNN2NQQ6rST/T8Yp252oLFU3DW8xpERypmiKobQj8TUsQ4HTdsHCa/ML3SFVLlXOSTOdcTW2stpbEEdo3aMJt3fhHPZLzRBn3M6dlyc076hrHs7xLUKUQ2P/VLhOGuPGfiuzS2ptVHNDTvbbq+vxBA5a+uObgdM0ZBcAip+r6MLwyortxYYr+e67hN/TYctOivcjh6JoRQEogO565IdOEoD8k609fP22wbAfPNNIsXcX2DZimBydUyKa4YJvplkyzSuoUJpT9jiVxNWWtE0uS1MOT8BZmEFXi88sLKF1QmjBuRQLVxHqodWVrsx/KaEBg0MHoa0dMdyo+WdQ/8biiTFlTaF8IAs3TsZj/e22c/PZhUpJ3ZNSBytsrOvMU0Qo4jEhXZJz8t06q3UP+bZxIUmUUePRA3f3JZw7haURf6yp5FGuoEmBGlnMFSw1rwOR4e1MxpR8zAuE1ksBDZZ0Lan6pJIcORHLdbbawEfQTcsOfyXS6fls3HsC/AqnKLldC6nsWy4TX/DNJIqw8gJOvmfxspqE2onEyIIM1/6yVGYKutNIUYNUDBbP83KsccN2GMnWC815Fna/CRpGljPLBjaN00C+QIjssEqECjMvVdgEmblCx6t2K+AKuqRdvC5kDRTyaBG1X00IV4kyBX7qnokBOBHeCagTFjLQHbNcnXxmjLHV/i42H4p4j0MT2QqNRYZMprVTNhbQzPlhtbFVzFBTMBaEKwUVzSkJFkar4fLpzdTf5MlJww46EzAT/6Bq/29Stqe6KdwfzBT41+VCV63TTbQHaC6l71WHsmg4LG5ZbFVOPSeEG3MJRBGtqQBUnFm1XOQa8tZDjjwtSLdla9x6v5csSXqcGedaV8QiOfNj0MTUH++4cvNV+gQXS74IzKn5EyD5cb7sBMH2d5fdxN//ZlnevloOVX4kVPlaxb7I6mMq9d+nzmRk+A7WXX9x3dVQTSBYKK7r8xjEWHa/Vi16HHk+xwlkrHLzTCutdVANWwc727xdvb4bCRnX3B8N6XjwNj0dnJbiA73BtwbfVjCgAsr/PvkyzYI9Z3LXqe1KrVQp2ahYRMbb54dL7o9QNEUjWFAvcNi7j48XQ59TqGA52Mvt+erZuEyJkwSyfvr1mdHmqDjGDpSDQjN6YyAJqBS6DyK4DKhk8Zp90p/7qksAUDxzSNfsmqQy1PdNbIQ+I8g6nCZoSrzQQDVwAMTsKB9oaJEV5QG9K2Kl5t3TkDWK4zYuAaX7GiwMwC1r40R+W6B5xIi9i2oJMytVDT2ML06WgpcgfuNW6UnkmZMi7vwFhUibcX2B68ibA0TLE9d/UxBO565Qt3i4lcUNv0ixyZ7go3kjK+Otq0Wp8wbJcneeAph8F7qTMQS92KrVR/7xAq8acgbNXBrLEGk/Y+/yhSDmFeyrN6nkNx+juqy2I2S2QE2EvB8p/bOwNuPcJoORJ7ZoPD1S1t9+8POIvfvDT9+0lKJ39yxH/8xoi2s1IJL+n/CngOIKYfEuKGjC6kmVEt64xZ2kYXYMUIljjLsts0XrgLQit1tJlbQV93aQo244smedKwlhDo1IlYYi5f8wyA4FPTUEJR8atqZ03vOK0blKAlxlims6tomul4WUGcWvTx1G8iZqBBuyYHvm2y3epKPJRwUOjaw0bpMQ1i79kboTMDrnrwKuvPSEVcXPf8pC0WH3eJ7UjgtyFaq2HlGDmZg+Gu9Cj+HiDI0IaIJlAvvGysViiey3CLTCfShi4ya9FJE9+9xV21a9NTHwbPr4snjz0xWdXJxHT1Ihl1hpFZY6WGwQz8iK3i7/DvoKJ4mHFF9vjUAUc3uFON8HXO+LMJA0mTIZiGJCDAl+Pqum9GtlhtOPGvcvfZFyZFQ+4VlXAu9/8hh8erUV0/vKzO+cAeGxTScqjUuz3akx4fx/nSzsPRhF+QWPvIirewiutrr40JsZ6VO9Et8fzGzwvkqUmwzrWpmsA81siLBBgrs0vZsqwdHVbdmEzNs/AelevGEeQRxgouOYvIpbTdX92+JYFhPqXW4zloXGkPKaTgt7cvOX92jXOjFEGCODhv9E++4P4b1wOVUJKCBq7gcnARyDD49AJy6Ia4dgYC5WZZ9BEupPcdJAigRtBWeTM58+6gT04i2yg3k2b7w2iJuITAjcT94qTTWFvLIdvZHJQYRuPIezpScHDMvqdUMumsHN7a3ASfFoR87yutLkIwvSBv5tcXXSR7z4EqauoWj+1rxDT6s+AJM2rxTJ0rY2E3PVyHVGnCDQj6FhfjmHal1WJKSSFVUvWXMoa9EiMjd5gCGNSRVX5O9LeSwqwoEbQ18S9GqXO3S3VLnmuffYxfaMwuXgcKjL/oTPzMHCttbq6CkekLGL3WfwcLl10pCmsEhxgogospaTB3AGSj/5gY6dzFMPX1fcM8HFORIum4qMLVOy8mV8a0YcH9EYTKNJmvg8PWevpyosAMppRfc4HNR7Lou/cY3siE4ugtW/NUpiSQebh/vT+xgclZ+ND1heCbUL9JuXU6yw6qFm4XtlTgqrVz2oEzYZa/O0/2N+nV5Jf0oDxmel4SBSCsnOHCILcdtAOit0Wa+3Q3DApwI+ql7fqjlc0F6uf6GE5B6TpHfRrqWzuwFvVRGIcTCNwciIDiUz7QRmKD5l8WDxYEfX3p97U28paDArDP725HTGJp/ivVp72nsU2GMMoGd9jP6Idrhivxuot69baFjXoR+wR4+Nek7Pm2QwSpzsLiL6xfuXPxum49cNXO6sLtjQowKAtdQzp5fYXAoSgHAG1qS5/QtSSpyZwVeHPEodcVckUC+N7Raa2Bl9GXnzPbWP3jEV+2R3DSi63Q9E6ZpdJIS08FiHbb6PFkaa/w23kUl6KnjwYEpf7NMCIz03G8psmOvIKdE/NnDXIb4qVxyUkBhsBKdif89G6z+mofGAvM7GrjlHReaYzuRnfrQJhr2tvc9wZtzFQCNmlGfCPiQzObDp9ujkb9uL6ivsX0RqnfmGerBiNSv2NUf9ryoXrA9zwVxlxQj8OEhlipFwyoo4IcfGFHvJINUgkvIhH/X+Am0zHp79Y56lSZh+2uAtmGq0NZ6jUUDzvfJAkLVD01pw20BrQiV/ePHTowogjylZZZgXTgnjMsAx0CeC96rD6jE4vch1BX+vlsAV4qSbeH3mnVTiDfz3Hl3ReoyKjZWjS2gUPflh6klmO/9goJO/cPTmZHPBr8c7ZPQ2Gda/eympWrx/0y3uA/4sRh80ExY9eOaCLr0VDTLu2GhRbRy7t/Z59hQg2Nte4a24qR4m4ACZbtN1/qVuC6as6LPYbJRfI9eBfNMO5S97SjWr3b7cpWp6JC0lTL28FvVF4QIf1ZgFShSsWNQekKwG7zLkt5zEQo0DVrMKk8FMJQ+80VwCfVZnVW3C+/+rpvfrhg6bffqviiHApReB7WJBNNp9P9VF6+HyY724apbZSQVtjsk/t7z0z5UtpT3J4c/8r+BuX/AifzsQAYxBUGWlOOWk1lgVIswnu07OgdbEDptoNNrs1N7Lz5SpBWtR5bmjVpOU7BjlRtdSGe1hDWBiwNLNOg0WUkSxWJUrRu7KJO500ecjPngbv+4MJk9PATx9goQPE4L3QnLign9FL0RgTCBwcELzhrDwwDGJmgp+xuMhCoF6apsc6zR0KlppA6+eyGnLYbXR138g5ydYe3VV8aAVCM1At8sy4mrWhNigWBvSOGBHFj5XV2nSHB0zG6NzhvI7yUJ0AvD6W7kN9SeM0UdLl8yZMhj6ZSOfXIwK7zQ5ce2wMpeLY03yxq4vxk13sWn9KQpBFjX7bBXZxtFswWawDcl+0BOGc06NwXZyGiok6aDmLHxqiLZzhgC8tHkeSjL4FSnQQ1hkUrQnCyP0aKM0EI8jVVN6wYfklHgfsIYfypD62B43NcTR0uYO3V0ZCiofnE8WC9kPD5iuAxzlPYnDoOMnXAnS/JhRrIqB4T34F6RJptBQwmmhUMR/kS0L07Ygfa6Ps+68BWxehW8T/VdTnZNx6c6pKPb3nYmxzwwykcmv3j694+wSto9Ppf1QZx9H6sQUVO2JMEp4CS3MOXcatQwwAJVWrT+z1WlWRRIioJJ9V/7td0h6CV1Lzh2HGmxczOCXuyPL2K+5tVXn1ra0olNeVpm6S+xyJ7NVwnkfAsHhGP9drlmpuVRm2ExDx/FCNkf/HyvQ7SqC3Vg8Anvu+UYbfHabl9aYO3gYRAl7iYNIPzAZH3KJ+OfuBer3MVl+OvDRnhQs5cgFvRSkCi0XeKvIL38grRa8q3cZ2esHe8eC7EdQ+Ew8WGhLbYyfIaiCY5BwJRnwK5wHiSRyenFI53b90dwkzXniKO2CXA32mrG0wrsG6Jc6JCldG7UfhaZTgbGW3aS6y5wLA9lZ2XgGuw2LIh8KmexAYLdmy72q+jTEqrTyn8j5u8hcItl2OcIUqti4VuVS/vqaUr9s4UsASuXRcrQanCFs9+IIigT/HVHYBQifiPbaU837LdtaAkBdAU1lBRBOpBGkMP+hygCtJckfYO/mH/KhV9hM3aL4mnEi+YIj4B3noyDj7GguhSrOvWK8I6eGKFxaF+n9WgDieyGbmkepZPbZtc/WFdL4+O94DMBeWy60lVey4hpzx1EknPfvjaiUDcjUQa7Pj2yvVZaUvMzeUt7AzHs+R3gVAaGsSNZ9LUjF3jz7U0p1zg4QNlH8cG23/fzYEAmE+zZr69+NM1TYPOmWpx2N4bQ+FWnBjiTO5gH88kYttT8z0Stjd7i7BjrIEdsAqfEdbGnUD7d+0vSm7ovUndNdED2IWguiwtPIEUWptOyb5yZNr5TmhoZCx94+uKf2bewAR8SXPm8fVKj0MHvrC7x1QEnVbqRaUuI4Ynhfcj1ZDtHGkTL+H4HtQ1iA3EtT8KTb47Kh8DO+shfbCNKyuugZi9yPvNO+kcVPXJuz7I+9P+UeZcPX3DVatV0Ttgy5HlCwIrQ8cINmZGtpuridKutaZrONQ8AHVgQO4mmRhtUgNsnfyr3yMQxxUq9Pcg4cf2sDTwVBmVYAtKZ1WuTDmD/InbLKAJRrQ+VQgsKt/AsjGkZXkDmzxEbBkM+KbXAngZ6cXdjTilnGXVeJ8dEYts9yZbIZc/9IEx7PcRHXWWBhOMH0CN1HIp5P+xPZgBhDdnqhSBAXLvesHxZgPci9jhgqra/sB8vRcixP4cPiLNwAzlKrJDKcHxqgrd4VTS2ACDOK6D2SMca32gm+YJkWox39fLLHwERsab6G2jJTCsr9wH9GLOjjitClID9gjeDKaTLz+sj860x2YDRKbbDTXU5SCZyos/7wGJ9ANlYQjnHox177zwqfH1PaI8z78JJjW0Kao3rxEJsbrfq46zDLP7lEjgInvsMALugWfSkhl7EYqgICjdy0xbGUPdCQrHDbmrwOMXRU0ylE20yYVbqshz7odg/UfQzo79cbg7PlOaPCIAZyZueqSXG6z+nLxKHItH5Lf+8vceDz2FAbVUEYpS1Bls8bb1p3qZ+sgTdnC/x/P45TPFhJgoFNZkKuF2ACO4KAIQQBWP8iiNeN7q40YbA1/vS1tOfSwwBlKdqP7wc3n973y5fyJrvjHeBPpwXbmbx9Bz+RZR8nqcrsBVENfgFuRgLbUJsDIqqa6g4JEFVs8WkObhWNnqcwKYRjFa/64UqUcCwVS373yns4T7v2Xxt3x0/YJWBU8BGiECyf7MMmWrr69y0NWg+lNho41/XFnMet+O7yZcsrPBpNV2DDpQn+/MnJV7At6db4mBkdnl5zoomPhbKnuvvnu5ErExLUoVX0gh5vG+tDfkQZteTISlgEEkesTDXd3FN1NigHzqaUtcccQXPZ8rQAje4MnMWui0PXYorcVMEuqfrEs21fxqJ0vqGyFkCvExzbhs6UqtXLLpTobhFBHnFbiHtBTpRJeSXu5yUiinDlQNv3KvWO0dSJtqb9w/KhAQWPQEFvebz8Azm96M8wiZ66AL7fb5WVgOK0hYWzX7DoYCuH96QvmQMvqi8R2EqPVAUyFaEzcBsj/WoaXazq7jhbhZt8mCZLo5Gj3c3HmLwwhXOFU5GyFLwjvaSb0x6RAn2d90euCH3d3wImGTN2hKXXC5EuueFq6XyNo/s3IUjXPvgUaRTgSsgAfqezuwaTKRkhfX+6KAxNdqIQhuA/N1f1Sx1c0mijrmUn5dm4bb2rIKmPaf1OJ9jsMyeJXDlBNrsFsT87w+px8BeLogDKAGQMLL7rl9uWFwtONL6rZGL57ZTcGb0Wz+YrBTYaPuLmZzEb5jsBlXYrr3iYaI6b5MM43XDChk/NjaQWED6OIbMGmh7KL6jqD3YIgXOSQl0X4ibA8znhKScG86cA4SQAwPAFKQQDRVTxLVZQoS8gDcO2j7QfJvOk8=</xenc:CipherValue>
            </xenc:CipherData>
        </xenc:EncryptedData>
    </saml2:EncryptedAssertion>
</saml2p:Response>

2021-09-21 11:01:46,854 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:?] - Profile Action RecordResponseComplete: Record response complete
2021-09-21 11:01:46,854 - INFO [Shibboleth-Audit.SSO:?] - 20210921T110146Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|ARQdd38608-1066-4dce-ae07-6009715b0d6f|https://localhost:8443/sp|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://samltest.id/saml/idp|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_c6832283e33675bded6b8081d143b59e|rick|urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport|eduPersonEntitlement,uid,identifier,role,telephoneNumber,mail,surname,displayName,givenName|AAdzZWNyZXQxtK54O/GRnKTHni6KWgmoKWYglRmvlluN2yJEe2Rovb4aKmMRYvRAB78ODUaKWUBPpxtk8fPd6vleYVHBIdxJXdOQI6iWCyrMQ3JsU5XVeiuLgQrM1hmwyTYROhM=|_94afe0c1c6c37e2b2ae53c5cb4b3fe3b|
2021-09-21 11:01:47,231 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML relay state of: null
2021-09-21 11:01:47,231 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Getting Base64 encoded message from request
2021-09-21 11:01:47,231 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPPostDecoder:?] - Decoded SAML message
2021-09-21 11:01:47,231 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:AuthnRequest
    AssertionConsumerServiceURL="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    Destination="https://samltest.id/idp/profile/SAML2/POST/SSO"
    ForceAuthn="false" ID="ARQc1e0144-b7df-495f-9316-300e6e001769"
    IsPassive="false" IssueInstant="2021-09-21T11:01:47.893Z"
    ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://localhost:8443/sp</saml2:Issuer>
    <ds:Signature
                xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
                Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
                Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference
                        URI="#ARQc1e0144-b7df-495f-9316-300e6e001769">
<ds:Transforms>
<ds:Transform
                        Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
                    Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>ArE86Pd8axehriA6toWTmHQ9dsGnBsXhs8824DUdkPM=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
N7MQI3bJhzJ1wIh6HAEPI4DG9Gg6rdbTM8eyn6I7Ml7RD/Hym+d9Z8vQYKbBJOlwcUzUlEC3h5hI&#xd;
xv5nIeLzLAhbqfScid6MxI4ZtUKPO+y51E4TZucK2e989AyrAchchZIHUWHe9CitqsA4eL18G4r6&#xd;
kwmXlNmv4Mv7TiJj1dYp/9VrZY0wcnECc4NI1l3dJoE8JRQr1tsRQvatTVGD4PyM3/JGzj83UZIn&#xd;
W/hTzJGy8k/OJZ9ZP8/HdOj+RJQgh5sb6T1MeBVG90/fQVY9G+8v1aRezUbJyy0e7CB7hYCnHA/z&#xd;
wRgb/rZsQUUsDo5ToajsWghHMXvK52phkqIXQA==
</ds:SignatureValue>
</ds:Signature>
</saml2p:AuthnRequest>

2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:?] - Message Handler:  org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  Selecting default AttributeConsumingService, if any
2021-09-21 11:01:47,232 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:?] - Message Handler:  No AttributeConsumingService selected
2021-09-21 11:01:47,232 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:?] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://localhost:8443/sp
2021-09-21 11:01:47,233 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Checking SAML message intended destination endpoint against receiver endpoint
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Intended message destination endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  Actual message receiver endpoint: https://samltest.id/idp/profile/SAML2/POST/SSO
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:?] - Message Handler:  SAML message intended destination endpoint matched recipient endpoint
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:?] - Message Handler:  Evaluating message replay for message ID 'ARQc1e0144-b7df-495f-9316-300e6e001769', issue instant '2021-09-21T11:01:47.893Z', entityID 'https://localhost:8443/sp'
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler:?] - SPSSODescriptor for entity ID 'https://localhost:8443/sp' does not require AuthnRequests to be signed
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Enveloped signature transform
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.security.impl.SAMLSignatureProfileValidator:?] - Saw Exclusive C14N signature transform
2021-09-21 11:01:47,233 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Attempting to verify signature on signed SAML protocol message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from metadata using entityID: https://localhost:8443/sp, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Retrieving role descriptor metadata for entity 'https://localhost:8443/sp' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol'
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 source EntityDescriptors
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - Attempting to filter candidate RoleDescriptors via resolved Predicates
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:?] - After predicate filtering 1 RoleDescriptors remain
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - signatureMethodURI = http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigAlgorithm    = SHA256withRSA
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - jceSigProvider     = SunRsaSign
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.XMLSignature:?] - PublicKey = Sun RSA public key, 2048 bits
  params: null
  modulus: 22350863767006859709813668220392921420022692162181255411783117848079439896108976976061415440057036485580876962818266812316904545616442270456891999352336766475395819389834437047669203924330116699752926059472318882559087636059223725897696984816089286221073754152088137403279116616858698258709204653261201321532394336452882256045359302543476043566842000123004010263221700938796208782618017433800015920404722443014334552493670084624295995530246853987920964842160680708040304962115088337701009006231860444844249967267976205432800245949994648467988361227864988209708243544074062983645006928708098823650072663402675398552687
  public exponent: 65537
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.Manifest:?] - verify 1 References
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.Manifest:?] - I am not requested to follow nested Manifests
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQc1e0144-b7df-495f-9316-300e6e001769"
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQc1e0144-b7df-495f-9316-300e6e001769 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#ARQc1e0144-b7df-495f-9316-300e6e001769"
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID ARQc1e0144-b7df-495f-9316-300e6e001769 and Element was [saml2p:AuthnRequest: null]
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.Reference:?] - Verification successful for URI "#ARQc1e0144-b7df-495f-9316-300e6e001769"
2021-09-21 11:01:47,234 - DEBUG [org.apache.xml.security.signature.Manifest:?] - The Reference has Type 
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Validation of protocol message signature succeeded, message type: {urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:?] - Message Handler:  Authentication via protocol message signature succeeded for context issuer entity ID https://localhost:8443/sp
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Handler can not handle this request, skipping
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler
2021-09-21 11:01:47,234 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:?] - Message Handler:  HTTP request was not signed via simple signature mechanism, skipping
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:?] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest
2021-09-21 11:01:47,235 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:?] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 1 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:?] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://localhost:8443/online-forms-web/login/saml2/SSO/sp using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - No AttributeConsumingService was available
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED
2021-09-21 11:01:47,235 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:?] - Issuance of a delegated Assertion is not in effect, skipping further processing
2021-09-21 11:01:47,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:47,235 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:?] - Profile Action PopulateSignatureSigningParameters: Signing enabled
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Encryption for assertions (true), identifiers (false), attributes(false)
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolving EncryptionParameters for request
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding entityID to resolution criteria
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Adding role metadata to resolution criteria
2021-09-21 11:01:47,236 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolving credentials from supplied RoleDescriptor using usage: ENCRYPTION.  Effective entityID was: https://localhost:8443/sp
2021-09-21 11:01:47,236 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:?] - Resolved cached credentials from KeyDescriptor object metadata
2021-09-21 11:01:47,236 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve data encryption algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:47,236 - DEBUG [org.opensaml.saml.security.impl.SAMLMetadataEncryptionParametersResolver:?] - Could not resolve key transport algorithm based on SAML metadata, falling back to locally configured algorithms
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:?] - Profile Action PopulateEncryptionParameters: Resolved EncryptionParameters
2021-09-21 11:01:47,236 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:?] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing
2021-09-21 11:01:47,237 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:?] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2021-09-21T11:01:47.237Z, isPassive=false, forceAuthn=false, hintedName=null, maxAge=0, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T00:00:00.000Z}
2021-09-21 11:01:47,237 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:?] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do
2021-09-21 11:01:47,237 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:?] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext
2021-09-21 11:01:47,237 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Performing primary lookup on session ID 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,237 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Updating expiration of master record for session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56 to 2021-09-21T12:01:47.237Z
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading AuthenticationResult for flow authn/Password in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.session.impl.ExtractActiveAuthenticationResults:?] - Profile Action ExtractActiveAuthenticationResults: Authentication result authn/Password is active, copying from session
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:?] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:?] - Profile Action FilterFlowsByForcedAuthn: Request does not have forced authentication requirement, nothing to do
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: No specific Principals requested
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:?] - Profile Action SelectAuthenticationFlow: Reusing active result authn/Password
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Canonical principal name established from session as 'rick'
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.authn.impl.FinalizeAuthentication:?] - Profile Action FinalizeAuthentication: Request did not have explicit authentication requirements, result is accepted
2021-09-21 11:01:47,238 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithAuthenticationResult:?] - Profile Action UpdateSessionWithAuthenticationResult: Updating activity time on reused AuthenticationResult for flow authn/Password in existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.resolver.dc.ldap.impl.TemplatedExecutableSearchFilterBuilder:?] - Template text (uid=$resolutionContext.principal) yields (uid=rick)
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.resolver.ad.impl.PrescopedAttributeDefinition:?] - Attribute Definition 'eduPersonPrincipalName': Dependencies [ResolverPluginDependency{pluginId=myLDAP, attributeId=eduPersonPrincipalName}] provided unmapped values of []
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter'  Beginning process of filtering the following 10 attributes: [eduPersonEntitlement, uid, identifier, role, telephoneNumber, mail, surname, displayName, givenName, eduPersonUniqueId]
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'eduPersonEntitlement' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'uid' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'identifier' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'role' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'telephoneNumber' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'mail' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'surname' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'displayName' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': 1 values for attribute 'givenName' remained after filtering
2021-09-21 11:01:47,239 - DEBUG [net.shibboleth.idp.attribute.filter.impl.AttributeFilterImpl:?] - Attribute filtering engine 'ShibbolethAttributeFilter': no policy permitted release of attribute eduPersonUniqueId values
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.consent.flow.impl.InitializeConsentContext:?] - Profile Action InitializeConsentContext: Created consent context 'ConsentContext{previousConsents={}, chosenConsents={}}'
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action PopulateAttributeReleaseContext: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7e982df3'
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.consent.logic.impl.JoinFunction:?] - Result 'rick:https://localhost:8443/sp'
2021-09-21 11:01:47,240 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'org.opensaml.storage.MutableStorageRecord@644e4e60' with context 'intercept/attribute-release' and key 'rick:https://localhost:8443/sp'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.storage.impl.ConsentSerializer:?] - Deserialized context 'intercept/attribute-release' key 'rick:https://localhost:8443/sp' value '[{"id":201},{"id":301},{"id":117},{"id":"identifier"},{"id":"mail"},{"id":"role"},{"id":106},{"id":116},{"id":"uid"}]' expiration '1663758102256' as '{displayName=Consent{id=displayName, value=null, isApproved=true}, eduPersonEntitlement=Consent{id=eduPersonEntitlement, value=null, isApproved=true}, givenName=Consent{id=givenName, value=null, isApproved=true}, identifier=Consent{id=identifier, value=null, isApproved=true}, mail=Consent{id=mail, value=null, isApproved=true}, role=Consent{id=role, value=null, isApproved=true}, surname=Consent{id=surname, value=null, isApproved=true}, telephoneNumber=Consent{id=telephoneNumber, value=null, isApproved=true}, uid=Consent{id=uid, value=null, isApproved=true}}'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.logic.impl.FlowIdLookupFunction:?] - Current flow id is 'intercept/attribute-release'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: Read storage record 'null' with context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.flow.storage.impl.ReadConsentFromStorage:?] - Profile Action ReadConsentFromStorage: No storage record for context 'intercept/attribute-release' and key 'rick'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.flow.impl.PopulateConsentContext:?] - Profile Action PopulateConsentContext: Populating consents: [displayName, eduPersonEntitlement, givenName, identifier, mail, role, surname, telephoneNumber, uid]
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.logic.impl.IsConsentRequiredPredicate:?] - Consent is not required, previous consents match current consents
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.consent.flow.ar.impl.AbstractAttributeReleaseAction:?] - Profile Action ReleaseAttributes: Found attributeContext 'net.shibboleth.idp.attribute.context.AttributeContext@7e982df3'
2021-09-21 11:01:47,241 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:?] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do
2021-09-21 11:01:47,241 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:?] - Profile Action AddStatusResponseShell: Setting Issuer to https://samltest.id/saml/idp
2021-09-21 11:01:47,242 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:?] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response
2021-09-21 11:01:47,243 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAuthenticationStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Attempting to add an AuthenticationStatement to outgoing Assertion
2021-09-21 11:01:47,243 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Created Assertion _6b7451c1ddf50280467af84effd7940d
2021-09-21 11:01:47,243 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAuthnStatementToAssertion: Added Assertion _6b7451c1ddf50280467af84effd7940d to Response _f599e14b79351607211892fa6820a87e
2021-09-21 11:01:47,243 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.AddAuthnStatementToAssertion:?] - Profile Action AddAuthnStatementToAssertion: Added AuthenticationStatement to Assertion _6b7451c1ddf50280467af84effd7940d
2021-09-21 11:01:47,243 - DEBUG [net.shibboleth.idp.saml.profile.impl.BaseAddAttributeStatementToAssertion:?] - Profile Action AddAttributeStatementToAssertion: Attempting to add an AttributeStatement to outgoing Assertion
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value urn:mace:dir:entitlement:common-lib-terms of attribute eduPersonEntitlement
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rick of attribute uid
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute identifier
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value manager@samltest.id of attribute role
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value +1-555-555-5515 of attribute telephoneNumber
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value rsanchez@samltest.id of attribute mail
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Sanchez of attribute surname
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick Sanchez of attribute displayName
2021-09-21 11:01:47,244 - DEBUG [net.shibboleth.idp.saml.attribute.encoding.SAMLEncoderSupport:?] - Encoding value Rick of attribute givenName
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Attempting to add NameID to outgoing Assertion Subjects
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.common.profile.logic.AbstractNameIDPolicyPredicate:?] - No object to operate on, returning true
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.common.profile.logic.MetadataNameIdentifierFormatStrategy:?] - Metadata specifies the following formats: []
2021-09-21 11:01:47,245 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - Configuration specifies the following formats: []
2021-09-21 11:01:47,245 - DEBUG [net.shibboleth.idp.saml.profile.logic.DefaultNameIdentifierFormatStrategy:?] - No formats specified in configuration or in metadata, returning default
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Candidate NameID formats: [urn:oasis:names:tc:SAML:2.0:nameid-format:transient]
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Trying to generate NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Trying to generate identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.AbstractSAML2NameIDGenerator:?] - Generating NameID AAdzZWNyZXQxiK2RbWelRSFAZ41Aq08KTg5NTaRgvPjpeOjg2Vr0EA4k7HmvESdLJbMF8rESaop7n0knlStN7QmSti/5pm+UvVvMjb0ln7dZc2Vy2l+efrjsYTLmSlMi1Hjuc78= with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.common.profile.impl.ChainingNameIdentifierGenerator:?] - Successfully generated identifier with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Successfully generated NameID with Format urn:oasis:names:tc:SAML:2.0:nameid-format:transient
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddNameIDToSubjects:?] - Profile Action AddNameIDToSubjects: Added NameID to 1 assertion subject(s)
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Attempting to add SubjectConfirmation to assertions in outgoing Response
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Address to 131.207.242.128
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data InResponseTo to ARQc1e0144-b7df-495f-9316-300e6e001769
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data Recipient to https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Setting confirmation data NotOnOrAfter to 5 minutes from now
2021-09-21 11:01:47,245 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddSubjectConfirmationToSubjects:?] - Profile Action AddSubjectConfirmationToSubjects: Added SubjectConfirmation with method urn:oasis:names:tc:SAML:2.0:cm:bearer to 1 assertion(s)
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Attempting to add NotBefore condition to every Assertion in outgoing Response
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotBeforeConditionToAssertions:?] - Profile Action AddNotBeforeConditionToAssertions: Added NotBefore condition to Assertion _6b7451c1ddf50280467af84effd7940d
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotBeforeConditionToAssertions: Assertion _6b7451c1ddf50280467af84effd7940d did not already contain Conditions, one was added
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Attempting to add NotOnOrAfter condition to every Assertion in outgoing Response
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddNotOnOrAfterConditionToAssertions:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Added NotOnOrAfter condition, indicating an expiration of 2021-09-21T11:06:47.241Z, to Assertion _6b7451c1ddf50280467af84effd7940d
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddNotOnOrAfterConditionToAssertions: Assertion _6b7451c1ddf50280467af84effd7940d already contained Conditions, nothing was done
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Attempting to add an AudienceRestrictionCondition to every Assertion in Response
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.saml2.profile.SAML2ActionSupport:?] - Profile Action AddAudienceRestrictionToAssertions: Assertion _6b7451c1ddf50280467af84effd7940d already contained Conditions, nothing was done
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding new AudienceRestriction
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Adding https://localhost:8443/sp as an Audience of the AudienceRestriction
2021-09-21 11:01:47,246 - DEBUG [org.opensaml.saml.common.profile.impl.AddAudienceRestrictionToAssertions:?] - Profile Action AddAudienceRestrictionToAssertions: Added AudienceRestrictionCondition to Assertion _6b7451c1ddf50280467af84effd7940d
2021-09-21 11:01:47,247 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Adding new SPSession for relying party https://localhost:8443/sp to existing session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,247 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Loading SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,247 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:47,247 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedIdPSession:?] - Saving SPSession for service https://localhost:8443/sp in session 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56
2021-09-21 11:01:47,247 - DEBUG [net.shibboleth.idp.session.SPSessionSerializerRegistry:?] - Registry located StorageSerializer of type 'net.shibboleth.idp.saml.session.impl.SAML2SPSessionSerializer' for SPSession type 'class net.shibboleth.idp.saml.session.SAML2SPSession'
2021-09-21 11:01:47,248 - DEBUG [net.shibboleth.idp.session.AbstractIdPSession:?] - IdPSession 750753400c4bd42bdb44745e2e6bab16f56b2400a85a01434d0b96f493978a56: replaced old SPSession for service https://localhost:8443/sp
2021-09-21 11:01:47,248 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Removing secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxtK54O/GRnKTHni6KWgmoKWYglRmvlluN2yJEe2Rovb4aKmMRYvRAB78ODUaKWUBPpxtk8fPd6vleYVHBIdxJXdOQI6iWCyrMQ3JsU5XVeiuLgQrM1hmwyTYROhM=
2021-09-21 11:01:47,248 - DEBUG [net.shibboleth.idp.session.impl.StorageBackedSessionManager:?] - Maintaining secondary index for service ID https://localhost:8443/sp and key AAdzZWNyZXQxiK2RbWelRSFAZ41Aq08KTg5NTaRgvPjpeOjg2Vr0EA4k7HmvESdLJbMF8rESaop7n0knlStN7QmSti/5pm+UvVvMjb0ln7dZc2Vy2l+efrjsYTLmSlMi1Hjuc78=
2021-09-21 11:01:47,248 - DEBUG [net.shibboleth.idp.session.impl.UpdateSessionWithSPSession:?] - Profile Action UpdateSessionWithSPSession: Older SPSession for relying party https://localhost:8443/sp was replaced
2021-09-21 11:01:47,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptNameIDs: No encryption parameters, nothing to do
2021-09-21 11:01:47,249 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractEncryptAction:?] - Profile Action EncryptAttributes: No encryption parameters, nothing to do
2021-09-21 11:01:47,249 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6b7451c1ddf50280467af84effd7940d"
2021-09-21 11:01:47,249 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6b7451c1ddf50280467af84effd7940d and Element was [saml2:Assertion: null]
2021-09-21 11:01:47,249 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_6b7451c1ddf50280467af84effd7940d"
2021-09-21 11:01:47,249 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _6b7451c1ddf50280467af84effd7940d and Element was [saml2:Assertion: null]
2021-09-21 11:01:47,252 - DEBUG [PROTOCOL_MESSAGE:?] - Profile Action EncryptAssertions: Response before assertion encryption:
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response ID="_f599e14b79351607211892fa6820a87e"
    InResponseTo="ARQc1e0144-b7df-495f-9316-300e6e001769"
    IssueInstant="2021-09-21T11:01:47.241Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <saml2p:Status>
        <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
    </saml2p:Status>
    <saml2:Assertion ID="_6b7451c1ddf50280467af84effd7940d"
        IssueInstant="2021-09-21T11:01:47.241Z" Version="2.0"
        xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
        <saml2:Issuer>https://samltest.id/saml/idp</saml2:Issuer>
        <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
            <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
                <ds:Reference URI="#_6b7451c1ddf50280467af84effd7940d">
                    <ds:Transforms>
                        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                        <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                            <ec:InclusiveNamespaces PrefixList="xsd" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                        </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                    <ds:DigestValue>WZPbQyeIEn9oPWUrbz4MMAuGV4mZEPnYalsE2eRJvK0=</ds:DigestValue>
                </ds:Reference>
            </ds:SignedInfo>
            <ds:SignatureValue>I17QKe1wNTYnqFNtjRzT3EpkQeFExzYod9I7jKaDakfJD20dYLXNljuBhunJH9r394q5o0igH3ca9WmHEug85UgwMPEk5VsirX3V1qzaoyrCb3a2/valutB8hUaA6YXWo5LGEQ/0yytbTw0douPmtHeNPL2yhezFPPbrKkyRc91U/8r86teZ9SNK3PKgNWrLVZLp+No/MeP7r02wFFLyjnPp5ZoRSaG9NbDxnY5TDAAYic/gIcLaX7TNW8xIHgJjVRPnFi/Ejp1vr+6Rv54+KR+RxfUnoAHjP0C2hjnycPa53AsdIf3s/hTDSrG86pRveLs01I0JwjVE+S3mJZb9qw==</ds:SignatureValue>
            <ds:KeyInfo>
                <ds:X509Data>
                    <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6uAjsPOpOVKqi3M8XmcUZOpx4swtgGdeoSpeRyrtMvRwdcci
NBp9UZome44qZAYH1iqrpmmjsfI9pJItsgWu3kXPjhSfj1AJGR1l9JGvJrHki1iHTA==</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </ds:Signature>
        <saml2:Subject>
            <saml2:NameID
                Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"
                NameQualifier="https://samltest.id/saml/idp"
                SPNameQualifier="https://localhost:8443/sp" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">AAdzZWNyZXQxiK2RbWelRSFAZ41Aq08KTg5NTaRgvPjpeOjg2Vr0EA4k7HmvESdLJbMF8rESaop7n0knlStN7QmSti/5pm+UvVvMjb0ln7dZc2Vy2l+efrjsYTLmSlMi1Hjuc78=</saml2:NameID>
            <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml2:SubjectConfirmationData Address="131.207.242.128"
                    InResponseTo="ARQc1e0144-b7df-495f-9316-300e6e001769"
                    NotOnOrAfter="2021-09-21T11:06:47.245Z" Recipient="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"/>
            </saml2:SubjectConfirmation>
        </saml2:Subject>
        <saml2:Conditions NotBefore="2021-09-21T11:01:47.241Z" NotOnOrAfter="2021-09-21T11:06:47.241Z">
            <saml2:AudienceRestriction>
                <saml2:Audience>https://localhost:8443/sp</saml2:Audience>
            </saml2:AudienceRestriction>
        </saml2:Conditions>
        <saml2:AuthnStatement AuthnInstant="2021-09-21T11:01:39.237Z" SessionIndex="_a9ff05703c7bc1d24deb79ecf7938155">
            <saml2:SubjectLocality Address="131.207.242.128"/>
            <saml2:AuthnContext>
                <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>
            </saml2:AuthnContext>
        </saml2:AuthnStatement>
        <saml2:AttributeStatement>
            <saml2:Attribute FriendlyName="eduPersonEntitlement"
                Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>urn:mace:dir:entitlement:common-lib-terms</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="uid"
                Name="urn:oid:0.9.2342.19200300.100.1.1" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rick</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute
                Name="urn:oasis:names:tc:SAML:attribute:subject-id" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="role"
                Name="https://samltest.id/attributes/role" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue
                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xsd:string">manager@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="telephoneNumber"
                Name="urn:oid:2.5.4.20" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>+1-555-555-5515</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="mail"
                Name="urn:oid:0.9.2342.19200300.100.1.3" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>rsanchez@samltest.id</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="sn" Name="urn:oid:2.5.4.4" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="displayName"
                Name="urn:oid:2.16.840.1.113730.3.1.241" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick Sanchez</saml2:AttributeValue>
            </saml2:Attribute>
            <saml2:Attribute FriendlyName="givenName"
                Name="urn:oid:2.5.4.42" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml2:AttributeValue>Rick</saml2:AttributeValue>
            </saml2:Attribute>
        </saml2:AttributeStatement>
    </saml2:Assertion>
</saml2p:Response>

2021-09-21 11:01:47,253 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:?] - Adding destination to outbound SAML 2 protocol message: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:47,253 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:?] - Message Handler:  Checking outbound endpoint for allowed URL scheme: https://localhost:8443/online-forms-web/login/saml2/SSO/sp
2021-09-21 11:01:47,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f599e14b79351607211892fa6820a87e"
2021-09-21 11:01:47,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f599e14b79351607211892fa6820a87e and Element was [saml2p:Response: null]
2021-09-21 11:01:47,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - State I can resolve reference: "#_f599e14b79351607211892fa6820a87e"
2021-09-21 11:01:47,254 - DEBUG [org.apache.xml.security.utils.resolver.implementations.ResolverFragment:?] - Try to catch an Element with ID _f599e14b79351607211892fa6820a87e and Element was [saml2p:Response: null]
2021-09-21 11:01:47,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Invoking Velocity template to create POST body
2021-09-21 11:01:47,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Encoding action url of 'https://localhost:8443/online-forms-web/login/saml2/SSO/sp' with encoded value 'https&#x3a;&#x2f;&#x2f;localhost&#x3a;8443&#x2f;online-forms-web&#x2f;login&#x2f;saml2&#x2f;SSO&#x2f;sp'
2021-09-21 11:01:47,255 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:?] - Marshalling and Base64 encoding SAML message
2021-09-21 11:01:47,257 - DEBUG [PROTOCOL_MESSAGE:?] - 
<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response
    Destination="https://localhost:8443/online-forms-web/login/saml2/SSO/sp"
    ID="_f599e14b79351607211892fa6820a87e"
    InResponseTo="ARQc1e0144-b7df-495f-9316-300e6e001769"
    IssueInstant="2021-09-21T11:01:47.241Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol">
    <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://samltest.id/saml/idp</saml2:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference URI="#_f599e14b79351607211892fa6820a87e">
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
                <ds:DigestValue>Ja8C1+EfiK0UxarXrr8D8prZn5VNwMzPLmpNmikGpNI=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>WrmB7rARsS5UGuH2+0A9XGXyQnUc9SACu+aFL85S8pBx5chKkoXm3sZSFjun93Pqyb/1QX55rmiy0n1XYFGxrwxUw3yxjeK53dsPX+jZ0GaUGk7yjGSwBKM8n3cP9D0MQbP5pOIRoM6/yA0BxXiubuh3ko+8ocmk+vKKwRkZX/M1OAGWfRNeh1fbd3bDV1ef5fkzD5/F5+zbnNmq0jbsw/b4ine1QjOPgbY/rMxypxPpebHZyDb9zEvNA8fiDkAyvaB9m+0aXeR4YSfqtOC4xqYkBPZtNZJ9hxohzJ77vpHrlcO1HenA//cYbEiY/lR6k7XxnhhfQMGndW8kBCFncA==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIIDEjCCAfqgAwIBAgIVAMECQ1tjghafm5OxWDh9hwZfxthWMA0GCSqGSIb3DQEBCwUAMBYxFDAS
BgNVBAMMC3NhbWx0ZXN0LmlkMB4XDTE4MDgyNDIxMTQwOVoXDTM4MDgyNDIxMTQwOVowFjEUMBIG
A1UEAwwLc2FtbHRlc3QuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0Z4QX1NFK
s71ufbQwoQoW7qkNAJRIANGA4iM0ThYghul3pC+FwrGv37aTxWXfA1UG9njKbbDreiDAZKngCgyj
xj0uJ4lArgkr4AOEjj5zXA81uGHARfUBctvQcsZpBIxDOvUUImAl+3NqLgMGF2fktxMG7kX3GEVN
c1klbN3dfYsaw5dUrw25DheL9np7G/+28GwHPvLb4aptOiONbCaVvh9UMHEA9F7c0zfF/cL5fOpd
Va54wTI0u12CsFKt78h6lEGG5jUs/qX9clZncJM7EFkN3imPPy+0HC8nspXiH/MZW8o2cqWRkrw3
MzBZW3Ojk5nQj40V6NUbjb7kfejzAgMBAAGjVzBVMB0GA1UdDgQWBBQT6Y9J3Tw/hOGc8PNV7JEE
4k2ZNTA0BgNVHREELTArggtzYW1sdGVzdC5pZIYcaHR0cHM6Ly9zYW1sdGVzdC5pZC9zYW1sL2lk
cDANBgkqhkiG9w0BAQsFAAOCAQEASk3guKfTkVhEaIVvxEPNR2w3vWt3fwmwJCccW98XXLWgNbu3
YaMb2RSn7Th4p3h+mfyk2don6au7Uyzc1Jd39RNv80TG5iQoxfCgphy1FYmmdaSfO8wvDtHTTNiL
ArAxOYtzfYbzb5QrNNH/gQEN8RJaEf/g/1GTw9x/103dSMK0RXtl+fRs2nblD1JJKSQ3AdhxK/we
P3aUPtLxVVJ9wMOQOfcy02l+hHMb6